Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rcpdkc
Contributor II

Fortinac Auth Problem

I have a problem like this in Fortinac. Agent opens in front of the user, username and password goes, then it goes to the internet with the necessary rule. When the user logs out and opens another user session, it continues from the ip address received by the previously logged in user. What can I do to have a verification again when the user logs out and logs back in or when a different user logs in.

 

2 REPLIES 2
AEK
SuperUser
SuperUser

Here you must configure well your User/Host profiles on FortiNAC and Network Access. In case you have 2 AD groups to assign different access to, you need to have a distinct profile for each of these groups.

Once this is well done, you must configure well your switch Model Configuration.

E.g.:

  • Logical network: IT_net -> Access Value: VLAN_IT
  • Logical network: Managers_net -> Access Value: VLAN_Mgmt
  • Etc ...

If this is well done, it will work with persistent agent (Windows authentication) and authentication portal as well. Once you open a new session, FortiNAC will tell the AP or switch to put you in the right VLAN depending on the group of the user you logged in with.

Hope this helps.

AEK
AEK
ebilcari
Staff
Staff

Based on your description it looks like the hosts are registered via Persistent Agent. After the host is registered by the first user, it gain network access for any other possible users that will login in this host. There are different ways to do enforce users but based on your setup the easiest way could be enforcing authentication on the switchport:

force auth.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors