FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Article Id 208432

This article describes that depending on the environment, there are controls and/or requirements in place, on the network, that prevent incoming packets on the isolation VLAN going to eth1 and outgoing on eth0 are not able to reach back into the isolation VLAN. 


This would be especially apparent when using Captive Portal as this can prevent a browser from displaying the portal.

Scope FortiNAC.

Setup 'setupAdvancedRoute' in order to configure policy-based split routing on the FortiNAC.


This allows packets going into an interface on the FortiNAC, to be sent out again, after processing, via the same interface. Steps were as follows:

1) Log into the CLI as root.

2) Type 'setupAdvancedRoute' at the prompt.




3) Type 'I' or 'i' to install.






- Type 'F' or 'f' in order to update routes should a new interface be added (i.e. additional isolation sub-interface(s) is/are added such as registration, authentication, etc...)


4) to remove the config, type 'U' or 'u'.