Hello everyone, I’m back with another issue related to FortiNAC...
In the client's network infrastructure where FortiNAC is deployed, there is an Explicit Proxy configured on the FortiGate.
If I disable the proxy on the test machine, the FortiNAC Captive Portal appears as expected. However, when the proxy is enabled, the traffic bypasses FortiNAC entirely, and I can browse the internet without being redirected to the Captive Portal.
I’ve tried creating Proxy Policies to deny traffic from the isolation VLAN subnet, but this still bypasses the FortiNAC registration portal, and I receive an error indicating that internet access is blocked.
Is it possible to forward traffic from the FortiGate proxy to FortiNAC? I couldn't find any reference to "proxy" in the allowaccess settings for FortiNAC's port2 interface.
Thank you very much for your help!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
A quick way I can think of is to put the FNAC isolation domain as exception in proxy client configuration (if centrally managed) and block internet access via proxy when the hosts are in the isolation VLAN.
There is no built in mechanism in FNAC to accept user proxied traffic, this may cause issues since FNAC will extract some of the host's information when it access the portal, even NAT is not recommended.
Hello,
Can you please show us the proxy and the forwarding server configuration ?.
BR.
Hi, the pre-existing proxy policies (configured by other providers in all → all) have no forwarding server and are configured with the WAN interface as the destination interface.
A quick way I can think of is to put the FNAC isolation domain as exception in proxy client configuration (if centrally managed) and block internet access via proxy when the hosts are in the isolation VLAN.
There is no built in mechanism in FNAC to accept user proxied traffic, this may cause issues since FNAC will extract some of the host's information when it access the portal, even NAT is not recommended.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1702 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.