Technical Tip: Add Allowed Domains using the Administration UI
Description
This article describes the use of Allowed Domains for isolated hosts. When a device is connected to an isolation VLAN (for example, Registration, Quarantine, DeadEnd), FortiNAC acts as the DNS server. Upon receipt of a DNS request from the isolated host, FortiNAC returns the IP address of the isolation interface unless the domain is listed in the Allowed Domains page. If a request for a domain listed in the Allowed Domains page is received, FortiNAC sends a request to the customer's DNS server for resolution.
To provide appropriate IP resolution to isolated devices for completing actions such as updating AV/AS programs and SSL certificate authentication, this list should be updated as necessary. Refer to 'Domains to add to the Allowed Domains List' in the FortiNAC Cookbook for an updated list of these domains.
Scope
FortiNAC.
Solution
To add domains to the Allowed Domains page:
- Log in to the FortiNAC UI.
- Navigate to System -> Settings -> Control -> Allowed Domains.
- Select 'Add Domain' to add a new domain.
- Select 'Save Settings' to save any edits.
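One way to confirm the result from a host in the isolation VLAN, as an added example that is not part of the original article or of FortiNAC: it classifies each DNS answer as forwarded to the production DNS server or answered with the isolation interface address. The isolation IP, the domain names and the sample answers are constructed placeholders.

```python
import socket

# Constructed sample answers (documentation address ranges), used for the offline demo.
SAMPLE_ANSWERS = {
    "update.av-vendor.example": {"203.0.113.25"},  # in Allowed Domains: real address
    "ocsp.ca.example": {"192.0.2.10"},             # not added yet: isolation address
    "not-listed.example": {"192.0.2.10"},          # control domain, never allowed
}

def resolve_ipv4(name):
    """IPv4 addresses returned by the DNS server this host is configured to use."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def classify(name, isolation_ip, resolver=resolve_ipv4):
    """Describe how the DNS server answered a query for one domain."""
    addrs = resolver(name)
    if not addrs:
        return "no-answer"   # nothing came back, e.g. the upstream lookup failed
    if isolation_ip in addrs:
        return "isolated"    # answered with the isolation interface address
    return "forwarded"       # a different address, so the query was resolved upstream

def audit(allowed, control, isolation_ip, resolver=resolve_ipv4):
    """Return (domain, status, ok) rows.

    Domains in `allowed` should be forwarded; domains in `control` (not in the
    Allowed Domains page) should still get the isolation interface address.
    """
    rows = []
    for name in allowed:
        status = classify(name, isolation_ip, resolver)
        rows.append((name, status, status == "forwarded"))
    for name in control:
        status = classify(name, isolation_ip, resolver)
        rows.append((name, status, status == "isolated"))
    return rows

if __name__ == "__main__":
    fake = lambda name: SAMPLE_ANSWERS.get(name, set())  # drop this argument to query live DNS
    for name, status, ok in audit(["update.av-vendor.example", "ocsp.ca.example"],
                                  ["not-listed.example"], "192.0.2.10", fake):
        print(f"{'OK  ' if ok else 'FAIL'} {name}: {status}")
```

Run against live DNS, the check is only meaningful on a host in an isolation VLAN, and a cached answer on the client can still show the isolation address right after the settings are saved.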
Related articles:
Technical Tip: Troubleshooting domain resolution in the captive portal
Technical Note: Captive Portal page secured with SSL certificate not building or slow to build
Technical Tip: Configuring Dead End as Enforcement
Technical Tip: An example of a simple network deployment of FortiNAC with FortiGate/FortiSwitch