Hello. Can FortiNAC require that a computer be domain joined before getting an IP address or being allowed network access? If it isn't, like a contractor or a visitor, I'd like the machine placed in a locked down guest vlan with only Internet access. Thanks everyone!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
that is a bit difficult because for parts of FortiNAC to work you need an IP address first.
you could do this with dot1x and using machine authentication but that isn't really FortiNAC usually way of working.
personally i would say why not allow access in a limited access VLAN first, let the FortiNAC agent do it's work and if ok move to the trusted network? a bit different way of thinking, but it gets the job done.
that is a bit difficult because for parts of FortiNAC to work you need an IP address first.
you could do this with dot1x and using machine authentication but that isn't really FortiNAC usually way of working.
personally i would say why not allow access in a limited access VLAN first, let the FortiNAC agent do it's work and if ok move to the trusted network? a bit different way of thinking, but it gets the job done.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1094 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.