Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bmduncan34
New Contributor III

FortiNAC and Domain Joined Computers

Hello.  Can FortiNAC require that a computer be domain joined before getting an IP address or being allowed network access?  If it isn't, like a contractor or a visitor, I'd like the machine placed in a locked down guest vlan with only Internet access.  Thanks everyone!

1 Solution
boneyard
Valued Contributor

that is a bit difficult because for parts of FortiNAC to work you need an IP address first.

 

you could do this with dot1x and using machine authentication but that isn't really FortiNAC usually way of working.

 

personally i would say why not allow access in a limited access VLAN first, let the FortiNAC agent do it's work and if ok move to the trusted network? a bit different way of thinking, but it gets the job done.

View solution in original post

1 REPLY 1
boneyard
Valued Contributor

that is a bit difficult because for parts of FortiNAC to work you need an IP address first.

 

you could do this with dot1x and using machine authentication but that isn't really FortiNAC usually way of working.

 

personally i would say why not allow access in a limited access VLAN first, let the FortiNAC agent do it's work and if ok move to the trusted network? a bit different way of thinking, but it gets the job done.

View solution in original post