bmduncan34
New Member
October 13, 2020
Solved

FortiNAC and Domain Joined Computers

Hello. Can FortiNAC require that a computer be domain joined before getting an IP address or being allowed network access? If it isn't, like a contractor or a visitor, I'd like the machine placed in a locked-down guest VLAN with only Internet access. Thanks everyone!

    boneyard
    Best answer
    Valued Contributor
    November 20, 2020

    That is a bit difficult because for parts of FortiNAC to work you need an IP address first.

    You could do this with dot1x and using machine authentication, but that isn't really FortiNAC's usual way of working.

    Personally I would say why not allow access in a limited access VLAN first, let the FortiNAC agent do its work and if ok move to the trusted network? A bit different way of thinking, but it gets the job done.