Manage policies
Create Portal Policies to assign a portal when an unregistered host connects to the network. Policies are selected for a connecting host by matching host attributes to the criteria defined in the associated user/host profile. The first policy that matches the host data is assigned.
If the host does not match any policy, it is assigned the default Portal. See Select a default portal. |
If you create a user/host profile with fields Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank and When set to always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.
The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.
Settings
An empty field in a column indicates that the option has not been set.
Field |
Definition |
||
---|---|---|---|
Rank Buttons |
Moves the selected policy up or down in the list. Host connections are compared to Policies in order by rank. |
||
Set Rank Button |
Allows you to type a different rank number for a selected policy and immediately move the policy to that position. In an environment with a large number of policies this process is faster than using the up and down Rank buttons. |
||
Table columns |
|||
Rank |
Policy's rank in the list of policies. Rank controls the order in which host connections are compared to Policies. |
||
Name |
User defined name for the policy. |
||
Network Access Configuration |
Contains the configuration for the portal that will be assigned if this Portal Policy matches the connecting host. See Portal content editor. |
||
User/Host Profile |
Contains the required criteria for a connecting host, such as connection location. Host connections that match the criteria within the user/host profile are assigned the associated portal configuration. See User/host profiles. |
||
Where (Location) |
The connection location specified in the user/host profile. The host must connect to the network on a device, port or SSID contained within one of the groups shown here to be a match. When set to Any, this field is a match for all hosts or users. |
||
Who/What by Group |
User or Host group or groups specified in the user/host profile. These groups must contain the connecting user or host for the connection to be a match for this policy. When set to Any, this field is a match for all hosts or users. It is not recommended that you use groups in user/host profiles for Portal assignment because an unregistered host will not be contained in any host groups and user data is unknown until after the portal is assigned. |
||
Who/What by Attribute |
User or Host attributes specified in the selected user/host profile. The connecting host or user must have the attributes to be a match. See Filter example. Do not select user attributes in user/host profiles used to assign a portal. FortiNAC does not have access to any user attributes when an unregistered host connects to the network. Only the following host attributes are known at the time of connection: connection location, IP address, MAC address, and operating system. |
||
When |
The time frame specified in the selected user/host profile. The host must be on the network within this time frame to be a match. When set to Always this field is a match for all hosts or users. |
||
Note |
User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC. |
||
Last Modified By |
User name of the last user to modify the policy. |
||
Last Modified Date |
Date and time of the last modification to this policy. |
||
Right click options |
|||
Delete |
Deletes the selected Portal Policy. |
||
Modify |
Opens the Modify Portal Policy window for the selected policy. |
||
Show Audit Log |
Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Admin auditing.
|
||
Buttons |
|||
Export |
Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data. |