When a Windows host with the Persistent Agent has both Wired and Wi-Fi adapters connected simultaneously:

1. Potential Issues:

• Communication Conflicts: If both adapters are active, the agent may experience intermittent communication issues if network paths conflict (e.g., firewalls blocking ports 4568/80 on one interface, or DNS misconfiguration).
• Policy Mismatch: Network Access policies might apply inconsistently if the adapters are on different subnets or VLANs, leading to unexpected VLAN changes or temporary disconnections (as noted).

2. Recommendations:

• Single Active Adapter: FortiNAC documentation implicitly recommends ensuring only one adapter is actively used at a time to avoid policy reevaluation conflicts. For example, the FortiNAC USB/Thunderbolt Adapters section states that dual-homed hosts may trigger race conditions in policy enforcement, causing disconnections.
• Agent Communication: The Persistent Agent must communicate via the connected adapter. If both are active, ensure both interfaces have unfettered access to FortiNAC (ports 4568/80) and DNS is correctly configured to resolve the FortiNAC server.

3. Documentation Reference:

• The FortiNAC USB/Thunderbolt Adapters section explains that FortiNAC associates all adapters reported by the Persistent Agent with the host record. However, simultaneous use of multiple adapters is not explicitly recommended and may lead to instability.

Conclusion:

• While FortiNAC can manage multiple adapters, it is advisable to use a single active network interface (Wired or Wi-Fi) to prevent communication or policy conflicts. If both must be connected, ensure network configurations (firewalls, DNS, VLANs) are consistent across both interfaces.
• Avoid switching between wired and wireless adapters too frequently, as this could cause problems with the host record in FortiNAC.

Related article:
Troubleshooting Tip: Windows Persistent Agent logs