FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
sjerry
Staff
Article Id 337645
Description This article describes how to use attributes from a RADIUS Request to create a condition for a user host profile.
Scope FortiNAC, CentOS, nacOS.
Solution

Enable debugs if needed:

CentOS:

nacdebug -name FingerprintServer true

> tail -F output.master | grep -i FingerprintServer

nacOS:

execute enter-shell

nacdebug -name FingerprintServer true

Examine logs if needed:

godzilla # diagnose tail -F output.master | grep -i FingerprintServer

 

The examples below cover MSCHAPv2, PEAP, and EAP-TLS.

MSCHAPv2, PEAP:

[Screenshot: mschapv2.png]

The syntax in the condition must be exactly the same as what is received in the RADIUS request; a '*' wildcard can be used if needed.

EAP-Type-Name = MSCHAPv2*

[Screenshot: UHP_radius.png]
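
An added example, not part of the original article and not FortiNAC code: an offline check of a profile condition against attribute lines copied from a RADIUS request, useful for seeing why a condition without the '*' fails to match. The sample attributes, the `Name = Value` line format, and the matching rules (case-sensitive, only `*` acts as a wildcard) are assumptions.

```python
import re

# Constructed sample attributes (illustrative values, not taken from the
# article's screenshots), one "Name = Value" pair per line.
SAMPLE_REQUEST = """\
User-Name = "alice"
NAS-IP-Address = 192.0.2.10
EAP-Type-Name = MSCHAPv2-sample-suffix
Calling-Station-Id = "00-11-22-33-44-55"
"""

def parse_pairs(text):
    """Parse 'Name = Value' lines into a dict, stripping optional quotes."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs[name.strip()] = value.strip().strip('"')
    return attrs

def condition_matches(condition, attrs):
    """Assumed semantics: case-sensitive exact match on the value,
    with '*' standing for any run of characters (including none)."""
    name, sep, pattern = condition.partition("=")
    if not sep:
        raise ValueError("condition must look like 'Name = Value'")
    value = attrs.get(name.strip())
    if value is None:
        return False  # attribute was not present in the request
    # Escape every literal part, then rejoin with '.*' so only '*' is special.
    regex = ".*".join(re.escape(part) for part in pattern.strip().split("*"))
    return re.fullmatch(regex, value) is not None

def check_conditions(conditions, text=SAMPLE_REQUEST):
    """Return {condition: matched} for each candidate condition."""
    attrs = parse_pairs(text)
    return {c: condition_matches(c, attrs) for c in conditions}

if __name__ == "__main__":
    candidates = [
        "EAP-Type-Name = MSCHAPv2*",  # wildcard form from the article
        "EAP-Type-Name = MSCHAPv2",   # exact form, fails on the longer value
        "EAP-Type-Name = mschapv2*",  # wrong case, fails under the assumption
    ]
    for cond, ok in check_conditions(candidates).items():
        print(f"{'MATCH   ' if ok else 'NO MATCH'}  {cond}")
```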


Validate:
Go to Users & Hosts -> Hosts -> right-click the host -> Policy Details.

[Screenshot: Policy detail.png]

 

EAP-TLS:

[Screenshot: EAP_TLS.png]

[Screenshot: EAP_TLS_Att.PNG]

Validate:
Go to Users & Hosts -> Hosts -> right-click the host -> Policy Details.

[Screenshot: eap_TLS_Policy.PNG]