Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎02-05-2023 09:56 PM

Article Id 244783

Troubleshooting Tip: MAC Address not detected over VPN

Description

This article describes the behavior where a MAC Address is not detected when a client connects over managed VPN.

 

This can occur when Agent information is either not received or not processed.
Scope FortiAC version 8.x, and 9.x.
Solution

1) Ensure the agent traffic is reaching the appliance. 

See the related KB article for troubleshooting steps:

https://community.fortinet.com/t5/FortiNAC/Troubleshooting-Tip-Connection-issues-with-the-Fortinet/t...

 

2) If agent the traffic is reaching the appliance, enable debug for Agent communication.  In appliance CLI type:


nacdebug –name PersistentAgent true   <----- If using Persistent Agent.
nacdebug –name AgentServer true   <----- If using Dissolvable Agent.
tail -F /bsc/logs/output.nessus

 

3) Have client connect.  

 

4) Type Ctrl-C to stop tail.

 

5) Disable debug:


nacdebug –name PersistentAgent false
nacdebug –name AgentServer false

 

6) In /bsc/logs/output.nessus output, look for 'PAConnectionStatus'.  There should be messages for the MAC address for the remote user. 
Labels:
713
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.