I have a problem like this in FortiNAC. The agent opens in front of the user, the username and password are sent, and then the host goes to the internet with the necessary rule. When the user logs out and another user session is opened, it continues from the IP address received by the previously logged-in user. What can I do to have a verification again when the user logs out and logs back in, or when a different user logs in?
Here you must correctly configure your User/Host profiles on FortiNAC and Network Access. In case you have 2 AD groups to assign different access to, you need to have a distinct profile for each of these groups.
Once this is done correctly, you must correctly configure your switch Model Configuration.
E.g.:
If this is done correctly, it will work with the persistent agent (Windows authentication) and the authentication portal as well. Once you open a new session, FortiNAC will tell the AP or switch to put you in the right VLAN depending on the group of the user you logged in with.
Hope this helps.
Based on your description, it looks like the hosts are registered via the Persistent Agent. After the host is registered by the first user, it gains network access for any other possible users who will log in on this host. There are different ways to enforce users, but based on your setup the easiest way could be enforcing authentication on the switchport:
Copyright 2024 Fortinet, Inc. All Rights Reserved.