Created on 10-01-2018 02:45 AM Edited on 10-03-2022 07:34 AM By Jean-Philippe_P
Description
This suggests the host does not fulfill the criteria for the desired policy. Policies are comprised of two components:
- User/Host profile: The set of criteria the host record must fulfill in order for the policy to apply.
- Configuration: The action executed when the User/Host Profile matches.
Scope
Version: 8.x, 9.x.
Solution
For location-based Network Access policies see KB article 195587.
Network Access policies: if affected host is connected to a switch port, verify the port is part of the Role-Based Access port group.
Tab is Blank
If criteria is correct, review the host record and its associated user record (if user record criteria was included) to determine what criteria was missing.
Tab Lists Incorrect Policy
3) Note the ranking order: the host is evaluated against the policies in order of rank, starting with 1 (top rank). The first policy that matches will apply, and therefore, policies with more restrictive criteria should be ranked at the top.
Possible scenarios:
- Criteria for one or both policies is incorrect. Modify as necessary.
- Matching policy is ranked above the desired policy. Example:
Rank 5: Matching Policy
Rank 9: Desired Policy
The matching policy contains less restrictive criteria. Adjust ranking such that the desired policy is listed higher up in ranking, taking into consideration the surrounding policies. If unsure what the new ranking should be, contact support for assistance.
- Matching policy is ranked below the desired policy. Example:
Rank 5: Desired Policy
Rank 9: Matching Policy
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.