Fortinet white logo
Fortinet white logo

Administration Guide

Manage policies

Manage policies

Create Portal Policies to assign a portal when an unregistered host connects to the network. Policies are selected for a connecting host by matching host attributes to the criteria defined in the associated user/host profile. The first policy that matches the host data is assigned.

Note

If the host does not match any policy, it is assigned the default Portal. See Select a default portal.

If you create a user/host profile with fields Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank and When set to always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.

The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Rank Buttons

Moves the selected policy up or down in the list. Host connections are compared to Policies in order by rank.

Set Rank Button

Allows you to type a different rank number for a selected policy and immediately move the policy to that position. In an environment with a large number of policies this process is faster than using the up and down Rank buttons.

Table columns

Rank

Policy's rank in the list of policies. Rank controls the order in which host connections are compared to Policies.

Name

User defined name for the policy.

Network Access Configuration

Contains the configuration for the portal that will be assigned if this Portal Policy matches the connecting host. See Portal content editor.

User/Host Profile

Contains the required criteria for a connecting host, such as connection location. Host connections that match the criteria within the user/host profile are assigned the associated portal configuration. See User/host profiles.

Where (Location)

The connection location specified in the user/host profile. The host must connect to the network on a device, port or SSID contained within one of the groups shown here to be a match. When set to Any, this field is a match for all hosts or users.

Who/What by Group

User or Host group or groups specified in the user/host profile. These groups must contain the connecting user or host for the connection to be a match for this policy. When set to Any, this field is a match for all hosts or users.

It is not recommended that you use groups in user/host profiles for Portal assignment because an unregistered host will not be contained in any host groups and user data is unknown until after the portal is assigned.

Who/What by Attribute

User or Host attributes specified in the selected user/host profile. The connecting host or user must have the attributes to be a match. See Filter example.

Do not select user attributes in user/host profiles used to assign a portal. FortiNAC does not have access to any user attributes when an unregistered host connects to the network. Only the following host attributes are known at the time of connection: connection location, IP address, MAC address, and operating system.

When

The time frame specified in the selected user/host profile. The host must be on the network within this time frame to be a match. When set to Always this field is a match for all hosts or users.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC.

Last Modified By

User name of the last user to modify the policy.

Last Modified Date

Date and time of the last modification to this policy.

Right click options

Delete

Deletes the selected Portal Policy.

Modify

Opens the Modify Portal Policy window for the selected policy.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Manage policies

Manage policies

Create Portal Policies to assign a portal when an unregistered host connects to the network. Policies are selected for a connecting host by matching host attributes to the criteria defined in the associated user/host profile. The first policy that matches the host data is assigned.

Note

If the host does not match any policy, it is assigned the default Portal. See Select a default portal.

If you create a user/host profile with fields Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank and When set to always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.

The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Rank Buttons

Moves the selected policy up or down in the list. Host connections are compared to Policies in order by rank.

Set Rank Button

Allows you to type a different rank number for a selected policy and immediately move the policy to that position. In an environment with a large number of policies this process is faster than using the up and down Rank buttons.

Table columns

Rank

Policy's rank in the list of policies. Rank controls the order in which host connections are compared to Policies.

Name

User defined name for the policy.

Network Access Configuration

Contains the configuration for the portal that will be assigned if this Portal Policy matches the connecting host. See Portal content editor.

User/Host Profile

Contains the required criteria for a connecting host, such as connection location. Host connections that match the criteria within the user/host profile are assigned the associated portal configuration. See User/host profiles.

Where (Location)

The connection location specified in the user/host profile. The host must connect to the network on a device, port or SSID contained within one of the groups shown here to be a match. When set to Any, this field is a match for all hosts or users.

Who/What by Group

User or Host group or groups specified in the user/host profile. These groups must contain the connecting user or host for the connection to be a match for this policy. When set to Any, this field is a match for all hosts or users.

It is not recommended that you use groups in user/host profiles for Portal assignment because an unregistered host will not be contained in any host groups and user data is unknown until after the portal is assigned.

Who/What by Attribute

User or Host attributes specified in the selected user/host profile. The connecting host or user must have the attributes to be a match. See Filter example.

Do not select user attributes in user/host profiles used to assign a portal. FortiNAC does not have access to any user attributes when an unregistered host connects to the network. Only the following host attributes are known at the time of connection: connection location, IP address, MAC address, and operating system.

When

The time frame specified in the selected user/host profile. The host must be on the network within this time frame to be a match. When set to Always this field is a match for all hosts or users.

Note

User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC.

Last Modified By

User name of the last user to modify the policy.

Last Modified Date

Date and time of the last modification to this policy.

Right click options

Delete

Deletes the selected Portal Policy.

Modify

Opens the Modify Portal Policy window for the selected policy.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.