Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiNAC 8.8.0 Administration Guide
    8.8.0
    9.4.0
    9.2.0
    9.1.0
    8.8.0
    8.7.0
    8.6.0
    8.5.2
    8.3.0

    Manage policies

    Manage policies

    Create authentication policies to assign an authentication configuration when a host requires network access. Policies are selected for a connecting host by matching host and user data to the criteria defined in the associated user/host profile. The first policy that matches the host and user data is assigned.

    Note

    If the host does not match any policy, it is assigned the default authentication method configured in the Portal, guest template, or Persistent Agent Credential Configuration.

    If you create a user/host profile with fields Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank and When set to always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.

    The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.

    Authentication policies can be accessed from Policy > Policy Configuration > Authentication Policy.

    Settings

    An empty field in a column indicates that the option has not been set.

    Field

    Definition

    Rank Buttons

    Moves the selected policy up or down in the list. Host connections are compared to Policies in order by rank.

    Set Rank Button

    Allows you to type a different rank number for a selected policy and immediately move the policy to that position. In an environment with a large number of policies this process is faster than using the up and down Rank buttons.

    Table columns

    Rank

    Policy's rank in the list of policies. Rank controls the order in which host connections are compared to Policies.

    Name

    User defined name for the policy.

    Authentication
    Configuration

    Contains the configuration for the authentication policy that will be assigned if this authentication policy matches the connecting host.
    See Authentication configurations

    User/Host Profile

    Contains the required criteria for a connecting host, such as connection location, host or user group membership, host or user attributes or time of day. Host connections that match the criteria within the user/host profile are assigned the associated authentication configuration. See User/host profiles.

    Note

    User specified note field.

    Last Modified By

    User name of the last user to modify the policy.

    Last Modified Date

    Date and time of the last modification to this policy.

    Right click options

    Delete

    Deletes the selected authentication policy.

    Modify

    Opens the modify authentication policy window for the selected policy.

    Show Audit Log

    Opens the admin auditing log showing all changes made to the selected item.

    For information about the admin auditing log, see Admin auditing.

    Note

    You must have permission to view the admin auditing log. See Add an administrator profile.
    Previous
    Next

    Manage policies

    Manage policies

    Create authentication policies to assign an authentication configuration when a host requires network access. Policies are selected for a connecting host by matching host and user data to the criteria defined in the associated user/host profile. The first policy that matches the host and user data is assigned.

    Note

    If the host does not match any policy, it is assigned the default authentication method configured in the Portal, guest template, or Persistent Agent Credential Configuration.

    If you create a user/host profile with fields Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank and When set to always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the catch all profile are grayed out and have a line through the data.

    The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.

    Authentication policies can be accessed from Policy > Policy Configuration > Authentication Policy.

    Settings

    An empty field in a column indicates that the option has not been set.

    Field

    Definition

    Rank Buttons

    Moves the selected policy up or down in the list. Host connections are compared to Policies in order by rank.

    Set Rank Button

    Allows you to type a different rank number for a selected policy and immediately move the policy to that position. In an environment with a large number of policies this process is faster than using the up and down Rank buttons.

    Table columns

    Rank

    Policy's rank in the list of policies. Rank controls the order in which host connections are compared to Policies.

    Name

    User defined name for the policy.

    Authentication
    Configuration

    Contains the configuration for the authentication policy that will be assigned if this authentication policy matches the connecting host.
    See Authentication configurations

    User/Host Profile

    Contains the required criteria for a connecting host, such as connection location, host or user group membership, host or user attributes or time of day. Host connections that match the criteria within the user/host profile are assigned the associated authentication configuration. See User/host profiles.

    Note

    User specified note field.

    Last Modified By

    User name of the last user to modify the policy.

    Last Modified Date

    Date and time of the last modification to this policy.

    Right click options

    Delete

    Deletes the selected authentication policy.

    Modify

    Opens the modify authentication policy window for the selected policy.

    Show Audit Log

    Opens the admin auditing log showing all changes made to the selected item.

    For information about the admin auditing log, see Admin auditing.

    Note

    You must have permission to view the admin auditing log. See Add an administrator profile.
    Previous
    Next