Hi All,
We are deploying FortiNAC BYOD and testing it on a wired connection first, then we will deploy it on wireless.
We have an issue: the BYOD device is placed in the isolation VLAN successfully, then redirected to the FortiNAC portal, but the portal takes a long time (5 minutes) to load. Also, after the user logs in using LDAP credentials, he downloads the Dissolvable Agent successfully and installs it, but the Dissolvable Agent triggers the error "Unable to obtain configuration from Server" and asks for the server IP. When the server IP is entered, the same error persists.
Could you please support?
Hello Mos
FortiNAC is extremely capricious software; any little parameter (out of hundreds) in your environment that is not configured as it wants will lead to various kinds of issues. I can tell you that FortiNAC is the most capricious and complicated software I've seen in my 15-year career.
So for your first issue, the portal may not auto-display until you request some URL in your browser, or it may be caused by the DHCP address probably coming late because your client may not have refreshed its dynamic address when it should have; these are one or two of the many possible scenarios. So try checking your client's IP address while you are waiting for the portal to display.
For the second issue, as far as I remember it happens when you don't have a valid certificate on your server portal, or if the certificate is not recognized by the client; in version 9 the Dissolvable Agent is enforced with https. So when you are prompted you should enter the protocol before the IP, i.e.: http://x.x.x.x/some_path, this should work.
I think there is probably "some_path" but sorry I don't remember it.
Hi AEK,
Regarding the Dissolvable Agent issue, it is resolved and working fine.
But I have an issue: network enforcement does not happen, as FortiNAC doesn't switch the wireless VLAN from isolation to production.
Do you know the specific steps to make the SSID force VLAN switching, or do you have a guide that explains FortiNAC SSID enforcement?
I have already added the SSID to the force-authentication and role-based groups, and in the SSID model configuration I set it to custom, not inherit, and enforced the isolation and production VLANs.
The host matches successfully in the network access policy, but it didn't take the access VLAN.
Hi mostafahasanin38,
FortiNAC switches VLANs in different ways (REST API, SSH, RADIUS, etc.) depending on the product integration (FortiAP, Cisco, Ruckus, etc.).
You can find all our integration guides supported here:
https://docs.fortinet.com/product/fortinac/8.8
Which of these is your case?
Best regards.
Ezequiel Bujedo
Copyright 2024 Fortinet, Inc. All Rights Reserved.