Created on 07-04-2024 06:09 AM Edited on 07-04-2024 06:53 AM By Jean-Philippe_P
This article describes the configurations needed to isolate disabled hosts to the Dead End network. This enforcement status can not be configured as Port Group Membership which is usually used for another type of enforcement but needs to be configured at the device level.
FortiNAC.
FortiGate (virtualized device):
FortiSwitch/FortiWLC:
SSID Configuration:
The same result can be obtained by 'right-clicking' on the device and making it a member of this group:
Now all the ports of that device will have the Dead End enforced on every port:
If a disabled host is connected to this port, it will be moved to the Dead End VLAN:
On the end host's browser, the user gets notified of this action through the portal:
Related document:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.