Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Megha_Bansal
Staff
Staff

Created on ‎08-23-2024 11:27 PM

Article Id 335984

Technical Tip: How to prevent Isolated Guest users access the internet when connected

Description

 

This article describes how to prevent users from accessing the internet if it is possible to access it by adjusting the DNS server IP on their devices even when in isolation or when connected to the guest network.

 

Scope

 

FortiNAC, FortiNAC-F.

 

Solution

 

If there are cases where the users can access the internet by changing their DNS server IP to 8.8.8.8, even when isolated or are trying to connect to the guest network. The below should be done to avoid such cases.

 

  1. Outbound DNS must be blocked except for the eth1/port 2 interface. The firewall rule should only allow DNS traffic to FortiNAC Eth1/port2 port.

See the below document for more details, page 57 onwards:

Deployment Guide FortiNAC 9.2.0

 

  1. In the case that the users are smart enough to play around with free VPNs and proxies and use these to access the internet using devices, it is required that the Firewall is configured to block VPN as well from the Isolation network.

313
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.