Fortinet black logo

Administration Guide

Portal policies

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:567487
Download PDF

Portal policies

A Portal Policy consists of one user/host profile and one portal configuration. The user/host profile is used to determine the hosts to which this policy might apply. The portal configuration controls the look and feel of the portal pages displayed to those users and hosts when they connect to the network and register. Portal Policies determine the portal assigned to a connecting host in an environment where there are multiple portals.

Portal Policies rely on a limited set of host information to match a portal configuration with a user/host profile. When an unregistered host connects to the network, there are only a few pieces of data that are known about the host and no data is known about the user. Therefore, the User/Host profile used in a Portal Policy can only use the connection location, the host IP address, the host MAC address or the operating system to match a connecting host.

Portal Policies are ranked with 1 being the highest rank. When a host connects to the network, the policies are evaluated from the highest rank down until a matching policy is found. That policy is assigned to the host and the portal within the policy is displayed.

Note

There may be more than one Portal Policy that is a match for this host/user, however, the first match found is the one that is used.

If you create a user/host profile with fields Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank and When set to always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.

The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.

If a host does not match any of the policies listed, FortiNAC connects the host to the user-specified default portal. See Select a default portal.

Portal policies

A Portal Policy consists of one user/host profile and one portal configuration. The user/host profile is used to determine the hosts to which this policy might apply. The portal configuration controls the look and feel of the portal pages displayed to those users and hosts when they connect to the network and register. Portal Policies determine the portal assigned to a connecting host in an environment where there are multiple portals.

Portal Policies rely on a limited set of host information to match a portal configuration with a user/host profile. When an unregistered host connects to the network, there are only a few pieces of data that are known about the host and no data is known about the user. Therefore, the User/Host profile used in a Portal Policy can only use the connection location, the host IP address, the host MAC address or the operating system to match a connecting host.

Portal Policies are ranked with 1 being the highest rank. When a host connects to the network, the policies are evaluated from the highest rank down until a matching policy is found. That policy is assigned to the host and the portal within the policy is displayed.

Note

There may be more than one Portal Policy that is a match for this host/user, however, the first match found is the one that is used.

If you create a user/host profile with fields Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank and When set to always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.

The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.

If a host does not match any of the policies listed, FortiNAC connects the host to the user-specified default portal. See Select a default portal.