
Administration Guide

Profile example


Assume that you are running a network at a university. Students and Faculty must be allowed on the network. Because of the volume of traffic, you decide to use four VLANs. Dividing network users this way requires a mechanism for matching them to the appropriate VLANs. To accomplish this, you must do the following:

  • Determine how you are going to divide your network users into four groups. In this case you decide that you will break up users as follows:
    • Students that connect to devices in Dorm A
    • Students that connect to devices in Dorm B
    • Faculty running Windows
    • Faculty running macOS
  • Make sure that Students are in a group labeled Students and Faculty are in a group labeled Faculty.
  • Make sure that you have two device groups, one for devices in Dorm A and another for devices in Dorm B.
  • Based on the divisions you have selected, you must create four user/host profiles. You need one profile for each combination of data that defines a set of users, such as Students that connect to devices in Dorm A.
  • Create four network access configurations to configure the VLANs for your four groups of users.
  • Create four network access policies to map the four user/host profiles to the appropriate VLANs.

User/host profiles

Create four user/host profiles that have the following settings:

| Name | Where (Location) | Who/What by Group | Who/What by Attribute | Time |
|---|---|---|---|---|
| Students Dorm A | Device Group = Dorm A Devices | User Group = Students | None | Always |
| Students Dorm B | Device Group = Dorm B Devices | User Group = Students | None | Always |
| Faculty Windows | Any | User Group = Faculty | Host OS = Windows | Always |
| Faculty macOS | Any | User Group = Faculty | Host OS = macOS | Always |

Network access configurations

Create a network access configuration for each of the four VLANs that you wish to assign. For this example, we will create configurations for VLANs 10, 20, 30, and 40.

| Name | Access Value |
|---|---|
| Students Dorm A VLAN | 10 |
| Students Dorm B VLAN | 20 |
| Faculty Windows VLAN | 30 |
| Faculty macOS VLAN | 40 |

Network access policies

Now you must map the user/host profiles to the network access configurations you created. That will tie the different types of users to the appropriate VLAN. Create four network access policies that contain the following data:

| Name | User/host profile | Network access configuration |
|---|---|---|
| Students Connecting in Dorm A | Students Dorm A | Students Dorm A VLAN |
| Students Connecting in Dorm B | Students Dorm B | Students Dorm B VLAN |
| Faculty running Windows | Faculty Windows | Faculty Windows VLAN |
| Faculty running macOS | Faculty macOS | Faculty macOS VLAN |
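
The three tables above, modelled as data so the policy set can be checked for coverage gaps and overlaps before it is deployed. This is an added example, not code from the product or from this guide: the matching logic is a simplified model that does not represent the product's evaluation order, and the "Library Devices" group, the Linux host and the user in both groups are constructed test inputs.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Profile:
    name: str
    device_group: Optional[str]  # Where (Location); None means Any
    user_group: str              # Who/What by Group
    host_os: Optional[str]       # Who/What by Attribute; None means None
    # Time is "Always" for all four profiles, so it is not modelled.

    def matches(self, conn: dict) -> bool:
        return ((self.device_group is None or self.device_group == conn["device_group"])
                and self.user_group in conn["user_groups"]
                and (self.host_os is None or self.host_os == conn["host_os"]))

PROFILES = {p.name: p for p in (
    Profile("Students Dorm A", "Dorm A Devices", "Students", None),
    Profile("Students Dorm B", "Dorm B Devices", "Students", None),
    Profile("Faculty Windows", None, "Faculty", "Windows"),
    Profile("Faculty macOS", None, "Faculty", "macOS"))}
CONFIGS = {"Students Dorm A VLAN": 10, "Students Dorm B VLAN": 20,
           "Faculty Windows VLAN": 30, "Faculty macOS VLAN": 40}
POLICIES = [  # (policy name, user/host profile, network access configuration)
    ("Students Connecting in Dorm A", "Students Dorm A", "Students Dorm A VLAN"),
    ("Students Connecting in Dorm B", "Students Dorm B", "Students Dorm B VLAN"),
    ("Faculty running Windows", "Faculty Windows", "Faculty Windows VLAN"),
    ("Faculty running macOS", "Faculty macOS", "Faculty macOS VLAN")]

def matching_policies(conn: dict) -> list:
    """Return (policy name, VLAN) for every policy whose profile matches."""
    return [(name, CONFIGS[cfg]) for name, prof, cfg in POLICIES
            if PROFILES[prof].matches(conn)]

def audit(connections: dict) -> tuple:
    """Return (labels with no matching policy, labels matching more than one)."""
    hits = {label: matching_policies(c) for label, c in connections.items()}
    return ([l for l, h in hits.items() if not h],
            [l for l, h in hits.items() if len(h) > 1])

def conn(device_group, user_groups, host_os):
    return {"device_group": device_group, "user_groups": set(user_groups), "host_os": host_os}

SAMPLES = {  # constructed sample connections, not taken from the guide
    "student in Dorm A": conn("Dorm A Devices", ["Students"], "Windows"),
    "faculty on macOS in Dorm B": conn("Dorm B Devices", ["Faculty"], "macOS"),
    "student in library": conn("Library Devices", ["Students"], "macOS"),
    "faculty on Linux": conn("Dorm A Devices", ["Faculty"], "Linux"),
    "user in both groups": conn("Dorm A Devices", ["Students", "Faculty"], "Windows")}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

Connections reported as unmatched receive none of the four VLANs from these policies, and connections reported as ambiguous depend on which policy is applied first, so both lists are worth reviewing against the intended segmentation.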
