ByteHaven
Explorer III
January 29, 2026
Solved

FortiNAC config wizard - Domain config


Hello everyone,

In the config wizard, I would like to know if the "domain" field has to be a real domain, as in the prod domain, or do I have to make a subdomain for FortiNAC and configure it in my DNS server?

Screenshot 2026-01-29 115152.png

 

BR,

2 replies

AEK
SuperUser
Best answer
January 29, 2026

Hi ByteHaven

In my experience this field is not required to be the same as your company's domain, but in my experience the suffix must be standards-compliant.

I remember one engineer asked me for help because his fresh FNAC installation couldn't bring up the isolation portal. After troubleshooting we found that it was because he had set the domain to domain.lab. I think .local and other strange suffixes are also banned. Just use .com, .net or other regular suffixes.

For some of my integrations I had to change the suffix because the company's suffix was .local, and everything worked normally.

So the short response is: you can use a domain other than the company's real domain, but it must follow the suffix standard/RFC (I forgot what this standard is called).

AEK
ebilcari
Staff
February 2, 2026

The domain configured here is used as a suffix to resolve local names that FNAC needs to reach (DC, PC, etc.) instead of using the FQDN, when a private DNS server is configured. If the DNS servers are set to public/global DNS servers, this setting should not be relevant.

 

fnac76 # exe ent

fnac76:~$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# 127.0.0.53 is the systemd-resolved stub resolver.
# run "resolvectl status" to see details about the actual nameservers.

nameserver 10.1.1.10
nameserver 10.6.1.10
search eb.eu
options single-request-reopen

 

fnac76:~$ ping dc01
PING dc01.eb.eu (10.1.1.10) 56(84) bytes of data.
64 bytes from DC01.eb.eu (10.1.1.10): icmp_seq=1 ttl=126 time=40.2 ms


This configuration is not related to domain configurations in isolation scopes.

Emirjon
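
An added example, not part of the original thread and not Fortinet code: a small model of how the glibc resolver applies the `search` suffix from the resolv.conf shown above, so you can see which FQDNs a short name such as dc01 expands to. The function names are hypothetical, the ordering follows resolv.conf(5) (default ndots of 1), and the sample file reuses the directives quoted in the reply.

```python
# Added example: models glibc search-list expansion as documented in resolv.conf(5).
# Sample text reuses the directives quoted in the thread; function names are hypothetical.

SAMPLE_RESOLV_CONF = """\
# comment lines are ignored
nameserver 10.1.1.10
nameserver 10.6.1.10
search eb.eu
options single-request-reopen
"""

def parse_resolv_conf(text):
    """Return (nameservers, search_list, ndots) parsed from resolv.conf text."""
    nameservers, search, ndots = [], [], 1  # resolver default: ndots is 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        key, args = fields[0], fields[1:]
        if key == "nameserver" and args:
            nameservers.append(args[0])
        elif key in ("search", "domain") and args:
            # "search" and "domain" are mutually exclusive; the last one wins.
            picked = args if key == "search" else args[:1]
            search = [d.rstrip(".").lower() for d in picked]
        elif key == "options":
            for opt in args:
                if opt.startswith("ndots:"):
                    ndots = min(int(opt.split(":", 1)[1]), 15)  # capped at 15
    return nameservers, search, ndots

def candidate_names(name, search, ndots=1):
    """Ordered list of names the resolver would query for `name`."""
    if name.endswith("."):            # absolute name: search list is skipped
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    if name.count(".") >= ndots:      # enough dots: try the name as-is first
        return [name] + expanded
    return expanded + [name]          # short name: search suffixes first

if __name__ == "__main__":
    ns, search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    print("nameservers:", ns, "search:", search, "ndots:", ndots)
    for host in ("dc01", "dc01.eb.eu", "dc01.eb.eu."):
        print(f"{host:12} -> {candidate_names(host, search, ndots)}")
```

With a suffix that the configured DNS servers cannot answer for, the first candidate for every short name fails and only the bare name is left, which is why this field matters when a private DNS server is in use.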
ByteHaven
Author
Explorer III
February 2, 2026

Hello AEK and Emirjon,

I would like to thank you both for your detailed answers. It is much clearer now.

Good thing I can use our company's domain cause it has a (.com) suffix, and it's already used for many things such as mailing.

BR,