Fortinac Auth Problem

rcpdkc · ‎01-04-2024

I have a problem like this in Fortinac. Agent opens in front of the user, username and password goes, then it goes to the internet with the necessary rule. When the user logs out and opens another user session, it continues from the ip address received by the previously logged in user. What can I do to have a verification again when the user logs out and logs back in or when a different user logs in.

AEK · ‎01-04-2024

Here you must configure well your User/Host profiles on FortiNAC and Network Access. In case you have 2 AD groups to assign different access to, you need to have a distinct profile for each of these groups.

Once this is well done, you must configure well your switch Model Configuration.

E.g.:

Logical network: IT_net -> Access Value: VLAN_IT
Logical network: Managers_net -> Access Value: VLAN_Mgmt
Etc ...

If this is well done, it will work with persistent agent (Windows authentication) and authentication portal as well. Once you open a new session, FortiNAC will tell the AP or switch to put you in the right VLAN depending on the group of the user you logged in with.

Hope this helps.

AEK

ebilcari · ‎01-05-2024

Based on your description it looks like the hosts are registered via Persistent Agent. After the host is registered by the first user, it gain network access for any other possible users that will login in this host. There are different ways to do enforce users but based on your setup the easiest way could be enforcing authentication on the switchport:

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.