Security profile groups
You can create security profile groups, which allow you to group different security profile settings together. You can then configure the profile group as part of a policy.
For example, consider the RemoteHomeOffice-AllowFortinet example policy from Adding policies to perform granular firewall actions and inspection, which allows remote employees (members of the Remote-Home-Office VPN user group) to access *.fortinet.com. Consider that you also want to monitor these employees' access to Cloud/IT applications using Application Control With Inline-CASB, while disabling Application Control With Inline-CASB for all other employees. You can achieve this by creating a new security profile group with the desired Application Control With Inline-CASB settings, and configuring this profile group as part of the RemoteHomeOffice-AllowFortinet policy. Application Control With Inline-CASB remains disabled for policies that have another security profile group applied.
The following procedure configures the described scenario.
To create a security profile group and configure it in a policy:
- Go to Configuration > Security.
- From the Profile Group dropdown list in the top right corner, click Create.
- In the Name field, enter the desired name. This example uses "Cloud IT" as the group name.
- In the Initial Configuration field, do one of the following:
  - Select Default to configure the new group with the same settings as the default security profile group.
  - Select Based On to configure the new group with the same settings as an existing non-default security profile group. From the dropdown list, select the desired group.
- Click OK.
- Enable Application Control With Inline-CASB to monitor employees' access to Cloud/IT applications. By default, once enabled, Application Control With Inline-CASB monitors access to Cloud/IT applications.
- Configure the profile group in a policy:
  - Go to Configuration > VPN Policies.
  - Select the RemoteHomeOffice-AllowFortinet policy.
  - In the Profile Group field, select Specify. From the dropdown list, select Cloud IT. The Profile Group field is only available for policies where the Action is configured as Accept.
  - Click OK.