Fortinet black logo

Administration Guide

Implement configurations

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:575053
Download PDF

Implement configurations

CLI configurations can be implemented on the device itself to control network access based on host state using model configuration. They can also be associated with a role or a network access policy. Devices that connect to devices or ports with that role trigger the application of the CLI configuration. Hosts that connect to devices or ports associated with the network access policy trigger the application of the CLI configuration. CLI configurations can be applied to device or port groups based on a scheduled task.

When a CLI configuration has been applied based on one of the criteria listed above, it remains in effect until something else happens. For example, if a CLI configuration is applied based on a network access policy, when the host connects to a port and both the host and the port are included in the policy, the associated CLI configuration is applied. The CLI configuration remains applied to the port until a different CLI configuration is applied or the UNDO commands are triggered. A host disconnect or a VLAN change will trigger the UNDO.

Implement configurations

CLI configurations can be implemented on the device itself to control network access based on host state using model configuration. They can also be associated with a role or a network access policy. Devices that connect to devices or ports with that role trigger the application of the CLI configuration. Hosts that connect to devices or ports associated with the network access policy trigger the application of the CLI configuration. CLI configurations can be applied to device or port groups based on a scheduled task.

When a CLI configuration has been applied based on one of the criteria listed above, it remains in effect until something else happens. For example, if a CLI configuration is applied based on a network access policy, when the host connects to a port and both the host and the port are included in the policy, the associated CLI configuration is applied. The CLI configuration remains applied to the port until a different CLI configuration is applied or the UNDO commands are triggered. A host disconnect or a VLAN change will trigger the UNDO.