I want to implement a simple FortiNAC deployment and place the ETH0 (FortiNAC Mgnt) and ETH1 (FortiNAC Service) interfaces in the same VLAN for an "L3 network type". It seems to me that there will be no problem, but I want to know if anyone here has done something like this and if it is working. I plan to use this table of IP addresses:
MGMT | 10.47.0.60/24 |
CAPTIVE REGISTRATION | 10.47.0.61/24 |
CAPTIVE REMEDIATION | 10.47.0.62/24 |
CAPTIVE DEAD END | 10.47.0.63/24 |
Is there anyone here who can point to a document describing this? I will be very grateful if there are contributions.
Hi @Nascimento ,
Here is a very nice guide, have a look as it might help:
https://community.fortinet.com/t5/FortiNAC/Technical-Tip-An-example-of-a-simple-network-deployment-o...
The short answer is NO: it will mess up the routing table, since you can have only one default route, most probably using eth0. In addition, the eth1 interface and its sub-interfaces will also serve DHCP and DNS services, which will complicate it even more. Not to mention the security concern of mixing management traffic with isolated/non-compliant users' traffic.
> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         gw.eb.eu        0.0.0.0         UG    0      0        0 eth0
If you have a physical appliance of FNAC, you can try the L2 deployment if you place FNAC directly in the LAN segment and choose to span the VLAN from access ports to the eth1 interface of FNAC.
If you are using a VM, then the L3 topology with two separate subnets is needed.
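The overlap described in the reply above can be checked before deployment. This is an added example, not part of the thread or of any Fortinet tooling: it validates an address plan for subnets shared between interfaces, assuming the three captive addresses from the question sit on eth1, and the second plan is a constructed alternative for comparison.

```python
import ipaddress
from itertools import combinations

# Plan from the question. Placing the captive addresses on eth1 is an assumption.
SAME_VLAN_PLAN = [
    ("eth0", "MGMT", "10.47.0.60/24"),
    ("eth1", "CAPTIVE REGISTRATION", "10.47.0.61/24"),
    ("eth1", "CAPTIVE REMEDIATION", "10.47.0.62/24"),
    ("eth1", "CAPTIVE DEAD END", "10.47.0.63/24"),
]

# Constructed alternative: isolation addresses moved to a separate subnet.
SPLIT_PLAN = [
    ("eth0", "MGMT", "10.47.0.60/24"),
    ("eth1", "CAPTIVE REGISTRATION", "10.47.1.61/24"),
    ("eth1", "CAPTIVE REMEDIATION", "10.47.1.62/24"),
    ("eth1", "CAPTIVE DEAD END", "10.47.1.63/24"),
]


def check_plan(plan):
    """Return findings for a list of (device, role, cidr) entries.

    An empty list means no address is reused and no two different
    interfaces are addressed out of overlapping subnets.
    """
    entries = [(dev, role, ipaddress.ip_interface(cidr)) for dev, role, cidr in plan]
    findings = []
    for (dev_a, role_a, if_a), (dev_b, role_b, if_b) in combinations(entries, 2):
        if if_a.ip == if_b.ip:
            findings.append(f"duplicate address {if_a.ip}: {role_a} / {role_b}")
        elif dev_a != dev_b and if_a.network.overlaps(if_b.network):
            # Two interfaces in one subnet: replies to isolated hosts may
            # leave through the management interface instead of eth1.
            findings.append(
                f"{dev_a} ({role_a}, {if_a.network}) overlaps "
                f"{dev_b} ({role_b}, {if_b.network})"
            )
    return findings


if __name__ == "__main__":
    for name, plan in (("same VLAN", SAME_VLAN_PLAN), ("split", SPLIT_PLAN)):
        issues = check_plan(plan)
        print(f"{name}: {'OK' if not issues else 'CONFLICT'}")
        for issue in issues:
            print("  -", issue)
```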