Manage policies
Create network access policies to assign a VLAN, implement a CLI configuration or assign a VPN Group Policy when a host requires network access. Policies are selected for a connecting host by matching host and user data to the criteria defined in the associated user/host profile. The first policy that matches the host and user data is assigned.
If the host does not match any policy, it is assigned the default VLAN configured on the switch.
If you create a user/host profile with Where (Location) set to Any, Who/What by Group set to Any, Who/What by Attribute left blank, and When set to Always, it matches ALL users and hosts. This is essentially a Catch All profile. If this user/host profile is used in a policy, all policies ranked below that policy are ignored when assigning a policy to a user or a host. To highlight this, policies below the policy with the Catch All profile are grayed out and have a line through the data.
The best way to use a Catch All profile is to create a general policy with that profile and place it last in the list of policies.
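The first-match ordering and Catch All behavior described above can be checked offline against an exported policy list. The following Python is an added example, not FortiNAC code; the CSV column names are assumed to mirror the table columns on this page, and the sample rows are constructed.

```python
import csv
import io

# Constructed sample. Column names mirror the table columns on this page;
# the real export layout is an assumption and may need adjusting.
SAMPLE_EXPORT = """\
Rank,Name,Where (Location),Who/What by Group,Who/What by Attribute,When
1,Contractors,Building-A Ports,Contractors,,Always
2,Everyone,Any,Any,,Always
3,Printers,Any,Printers,,Always
4,Guests,Guest SSID,Any,Role=Guest,Always
"""

def load_policies(text):
    """Parse the export and return rows in evaluation order (ascending rank)."""
    rows = list(csv.DictReader(io.StringIO(text)))
    return sorted(rows, key=lambda r: int(r["Rank"]))

def is_catch_all(policy):
    """Profile matches ALL users and hosts: Any / Any / blank attribute / Always."""
    return (
        policy["Where (Location)"].strip().lower() == "any"
        and policy["Who/What by Group"].strip().lower() == "any"
        and policy["Who/What by Attribute"].strip() == ""
        and policy["When"].strip().lower() == "always"
    )

def audit(policies):
    """Return (catch_all_name, shadowed_names) for the first catch-all policy.

    First match wins, so every policy ranked below a catch-all is never
    evaluated. Returns (None, []) when no catch-all exists; unmatched hosts
    then receive the default VLAN configured on the switch.
    """
    for index, policy in enumerate(policies):
        if is_catch_all(policy):
            return policy["Name"], [p["Name"] for p in policies[index + 1:]]
    return None, []

if __name__ == "__main__":
    name, shadowed = audit(load_policies(SAMPLE_EXPORT))
    if name is None:
        print("No catch-all policy: unmatched hosts get the switch default VLAN")
    elif shadowed:
        print(f"Catch-all '{name}' shadows: {', '.join(shadowed)}")
    else:
        print(f"Catch-all '{name}' is ranked last; nothing is shadowed")
```

In the constructed sample, the Printers and Guests policies are never assigned because the Everyone policy at rank 2 matches first.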
Settings
An empty field in a column indicates that the option has not been set.
Field | Definition |
---|---|
Rank Buttons | Moves the selected policy up or down in the list. Host connections are compared to Policies in order by rank. |
Set Rank Button | Allows you to type a different rank number for a selected policy and immediately move the policy to that position. In an environment with a large number of policies this process is faster than using the up and down Rank buttons. |
Table columns | |
Rank | Policy's rank in the list of policies. Rank controls the order in which host connections are compared to Policies. |
Name | User defined name for the policy. |
Network Access Configuration | Contains the configuration for the VLAN, CLI configuration or VPN Group Policy that will be assigned if this Access Policy matches the connecting host. See Network access configurations. |
User/Host Profile | Contains the required criteria for a connecting host, such as connection location, host or user group membership, host or user attributes or time of day. Host connections that match the criteria within the user/host profile are assigned the associated network access configuration. See User/host profiles. |
Where (Location) | The connection location specified in the user/host profile. The host must connect to the network on a device, port or SSID contained within one of the groups shown here to be a match. When set to Any, this field is a match for all hosts or users. |
Who/What by Group | User or Host group or groups specified in the user/host profile. These groups must contain the connecting user or host for the connection to be a match for this policy. When set to Any, this field is a match for all hosts or users. |
Who/What by Attribute | User or Host attributes specified in the selected user/host profile. The connecting host or user must have the attributes to be a match. See Filter example. |
When | The time frame specified in the selected user/host profile. The host must be on the network within this time frame to be a match. When set to Always this field is a match for all hosts or users. |
Note | User specified note field. This field may contain notes regarding the data conversion from a previous version of FortiNAC. |
Last Modified By | User name of the last user to modify the policy. |
Last Modified Date | Date and time of the last modification to this policy. |
Right click options | |
Delete | Deletes the selected network access policy. |
Modify | Opens the Modify Network Access Policy window for the selected policy. |
Buttons | |
Export | Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data. |