Built in NAC policy

Forum|Forum|9 months ago
August 17, 2025
1 reply
504 views

Hello, I was digging into creating NAC policies using user-based policies. Currently, I am using FSSO user groups in the user group attribute.

I did create a firewall policy to allow traffic between the onboarding VLAN and the collector agent server, and the user is authenticated without hitting the NAC policy. I am wondering if I can use FSSO user groups in NAC policies. Any ideas?

FortiGate

BIRO

New Member

Thank you for sharing the details. Could you please illustrate the correct rule order to ensure NAC policy authentication is applied first?

I attempted this setup, but the user remains stuck in the onboarding VLAN, and I see no hits on the NAC policy.

The order I currently use is:

Firewall rule from the onboarding VLAN to AD.
Firewall rule from the onboarding VLAN to the Internet.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded