Administration Guide

Add or modify a policy

  1. Select Policy > Policy Configuration.
  2. Select Authentication.
  3. Click Add or select an existing policy and click Modify.
  4. Enter a name for the policy.
  5. Use the settings below to configure the new authentication policy.
  6. Click OK to save your policy.

Settings

| Field | Definition |
|---|---|
| Name | Enter a name that describes the policy configuration. |
| Authentication Method | When enabled, the selected authentication method will override all other authentication methods configured in the portal, guest/contractor template, and Persistent Agent credential configuration. |
| Invalid Credentials Message | Enables you to modify the error message displayed in the portal and Persistent Agent when a user fails to successfully authenticate. |
| Enable Authentication | When enabled, the user is authenticated against a directory, the FortiNAC database, or a RADIUS server when logging on to access the network. |
| Time in Production before Authentication | When a user is waiting to authenticate, the host remains in the production VLAN until this time expires. If the user fails to authenticate within the time specified, the host is moved to the authentication VLAN. |
| Time Offline before Deauthentication | Once the host is offline, the user will remain authenticated for this period of time. If the host comes back online before the time period ends, the user will not need to re-authenticate. If the host comes back online after the time period ends, the user will be required to re-authenticate. Hosts that do not match a user/host profile associated with an authentication policy configuration will be deauthenticated after the system default time of 10 minutes. To ensure that all hosts get an authentication policy, create a catch-all user/host profile and associate it with an authentication configuration. |
| Reauthentication Frequency | When set, this forces users to re-authenticate after the amount of time defined in this field passes since the last authentication regardless of the host's state. The host is moved to the authentication VLAN. |
| Note | Allows users to enter additional information about the policy. |
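
The following Python model is an added example, not FortiNAC code or output: it replays a constructed host timeline against the timers described above to show when a user must re-authenticate, including the 10-minute default for hosts that match no policy. The class, field, event and state names are hypothetical, and treating a timer as expired at exactly its limit is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

DEFAULT_OFFLINE_MIN = 10  # page: system default for hosts matching no policy

@dataclass
class AuthPolicy:  # hypothetical model of the table's timers, in minutes
    production_grace: int               # Time in Production before Authentication
    offline_window: int                 # Time Offline before Deauthentication
    reauth_every: Optional[int] = None  # Reauthentication Frequency (None = unset)

def host_state(policy, events, now):
    """Replay constructed (minute, event) pairs up to `now` and return
    (state, reason). Events: 'connect', 'auth', 'offline', 'online'.
    policy=None models a host that matches no user/host profile."""
    window = policy.offline_window if policy else DEFAULT_OFFLINE_MIN
    connected = authed = offline = None
    lost = None  # which timer dropped the last authentication, if any
    for t, ev in sorted(e for e in events if e[0] <= now) + [(now, "check")]:
        if authed is not None:
            due = []  # (expiry minute, timer name) for each running timer
            if policy and policy.reauth_every is not None:
                due.append((authed + policy.reauth_every, "reauthentication frequency"))
            if offline is not None:
                due.append((offline + window, "offline window"))
            due = [d for d in due if d[0] <= t]  # assumption: expiry is inclusive
            if due:
                authed, lost = None, min(due)[1]  # earliest expiry wins
        if ev == "connect" and connected is None:
            connected = t
        elif ev == "auth":
            authed, offline, lost = t, None, None
        elif ev == "offline":
            offline = t
        elif ev == "online":
            offline = None
    if authed is not None:
        return ("authenticated", "all timers still running")
    if lost:
        return ("reauth-required", lost + " expired")
    if connected is None or policy is None:
        return ("unknown", "case not described in the settings table")
    if now - connected < policy.production_grace:
        return ("production-vlan", "waiting for first authentication")
    return ("authentication-vlan", "no authentication within time in production")
```

Running the same 30-minute offline gap through a policy with a 60-minute offline window and through `policy=None` shows why the catch-all profile matters: only the unmatched host is forced to re-authenticate.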
