Controlling when specific types of devices can

access the Internet

In this example, a school does not allow Internet access to mobile devices between
9am - 12pm and 1pm - 3pm. To implement this, you create a device identity policy
that permits Internet access for these devices before classes, at lunch time, and
after classes. The school is open from 7am to 6pm.

In this example, a FortiWiFi unit is used. A similar method can be used to control access using a FortiAP and a
FortiGate..

1. Creating the schedule

2. Creating the device policy
3. Configuring the authentication rule
4. Results

Internet

FortiWiFi

Wireless Mobile
Devices
Creating the schedules and
schedule group
The schedule covers several periods. It is
created by combining several schedules into
a schedule group.

Go to Firewall Objects > Schedule >

Schedules. Create recurring schedules for
the before class (7-9am), lunch (12-1pm), and
after class (3-6pm) periods.

Go to Firewall Objects > Schedule >

Groups.

Create a group and add the schedules that

you created before.
Creating the device policy
Go to Policy > Policy > Policy and create
a Device Identity policy to control Internet
access.

Create a new Authentication Rule. Set

Device to include all mobile device types
and set Schedule to the new schedule
group.

Results
When a mobile user connects during a time
set matching the schedule group, they can
surf the Internet

Go to Log & Report > Traffic Log >

Forward Traffic to view the traffic from
these devices.
When the time in the schedule is reached,
further surfing cannot continue. This does
not appear in the logs, as only allowed traffic
is logged.