Hello everyone, I would like to know, can the isolation interface port2 and isolation scope be in the same network, example : Isolation interface :192.168.10.2Gateway : 192.168.10.1Isolation scope : Gateway : 192.168.10.1lease pool : 192.168.10.3 - 192.168.10.100 I've seen the majority of articles use seperate subnets and some articles use them in the same subnet. Can anyone explain pls ? Thanks in advance.BR,

ByteHaven

Explorer III

Question

Isolation interface port2 and Isolation scopes

Forum|Forum|3 months ago
February 15, 2026
1 reply
224 views

Hello everyone,

I would like to know, can the isolation interface port2 and isolation scope be in the same network, example :

Isolation interface :

192.168.10.2
Gateway : 192.168.10.1

Isolation scope :

Gateway : 192.168.10.1
lease pool : 192.168.10.3 - 192.168.10.100

Screenshot 2026-02-15 105552.png

I've seen the majority of articles use seperate subnets and some articles use them in the same subnet. Can anyone explain pls ?

Thanks in advance.

BR,

FortiNAC

ebilcari

Staff

This depends on the selected Network Type configuration. More details are shown in this section of the guide. From the shared screenshot, it appears that this setup is configured as a Layer 3 network (recommended). So, the traffic for the isolation subnets must be routed, meaning the isolation IP cannot be on the same subnet.

Emirjon

ByteHavenAuthor

Explorer III

Is it incorrect if the FNAC's port2 and the isolation scope are in the same subnet ?

Cause I've tried it and it kinda worked. I wanna know the purpose of separting them.

BR,

ebilcari

Staff

I'm not sure how you got it working, how the DHCP relay is configured, or how DNS and HTTP traffic routing works in this case.
You can refer to this article for some details: Technical Tip: An example of a simple network deployment of FortiNAC with FortiGate/FortiSwitch

Emirjon

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded