FortiSASE
Patterson
Staff
Article Id 347135

Description

 

This article describes how to validate the on-fabric rule match status on an endpoint using the FortiClient Diagnostic Tool.

 

Scope

 

FortiSASE.

 

Solution

 

Once the configuration is completed according to the following admin guide for on-fabric detection:

Connection 

 

Using the output from the FortiClient Diagnostic Tool:

Technical Tip: How to troubleshoot FortiClient (FCT) management connection issue with FortiSASE

 

In the Diagnostic Tool output, open FCDiagData\general\logs\trace\FortiESNAC_1.log and check for the log lines starting with FabricChecker.

 

Note:

Both the 'known Public IP' and 'known DNS server' conditions are being used.

 

on-fabric.png

 

 

Summary:

  • The Onnet logs indicate that the endpoint successfully matched the rules and is online, with both public IP and DNS server rules validated.
  • In contrast, the Offnet logs show that while the public IP was recognized, the DNS server rule failed to match, leading to the endpoint being classified as offline and off-net.