Hello, how can I quarantine the user's DNS address in fortinac if it is an address other than the DNS address I specified?
Hello
I'm not sure I understand what you mean by the user's DNS,
but here is how you can quarantine a USER:
On the other hand, you can quarantine a HOST this way:
Once you do that, the disabled host should go to dead-end/isolation, and any host that the user logs on to will go to dead-end/isolation.
When Windows changes the DNS manually and this DNS address is not the one I specified
Hello,
Well, it depends. You can also manually disable that host via the Host View list, or what I can suggest is to use the Persistent Agent and add a custom scan for domain-joined users.
https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/156414/endpoint-compliance
BR
If I understood this correctly, you want to disable the port/host in case it uses a DNS server other than the specified one. Since this is not a static configuration value (checked via registry, processes), it can't be identified by the agent scans. It's better to use the Firewall to report this behavior as an incident and then map it to an Action in FNAC to disable the host or mark it as at risk.
I tried to check with the registry but can't, because it matches another value.
I fully agree with @ebilcari, the solution is to detect the traffic at firewall level and to send the event to NAC so it isolates the client.
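An added example (not from this thread, nor from Fortinet's products) of the firewall-level detection the two answers above suggest: it scans constructed key=value traffic-log lines for DNS flows to resolvers outside an approved set and emits one event per offending host, the kind of record you would forward to NAC for an isolation action. The log field names, the approved resolver address and the event format are assumptions, not FortiGate or FortiNAC specifics.

```python
import re
from typing import Dict, List, Set

# Constructed sample lines, loosely modelled on key=value firewall traffic
# logs (not real FortiGate output). 10.0.0.53 plays the approved resolver.
SAMPLE_LOGS = [
    'date=2024-01-10 time=09:00:01 srcip=10.1.1.20 dstip=10.0.0.53 dstport=53 proto=17 service="DNS" action=accept',
    'date=2024-01-10 time=09:00:02 srcip=10.1.1.21 dstip=8.8.8.8 dstport=53 proto=17 service="DNS" action=accept',
    'date=2024-01-10 time=09:00:03 srcip=10.1.1.21 dstip=1.1.1.1 dstport=53 proto=6 service="DNS" action=accept',
    'date=2024-01-10 time=09:00:04 srcip=10.1.1.22 dstip=93.184.216.34 dstport=443 proto=6 service="HTTPS" action=accept',
    'date=2024-01-10 time=09:00:05 srcip=10.1.1.23 dstip=10.0.0.53 dstport=53 proto=17 service="DNS" action=accept',
]

APPROVED_RESOLVERS: Set[str] = {"10.0.0.53"}  # assumed company DNS server

# key=value pairs; values may be quoted ("DNS") or bare (10.1.1.20)
KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line: str) -> Dict[str, str]:
    """Split one key=value log line into a dict, stripping quotes from quoted values."""
    fields: Dict[str, str] = {}
    for m in KV_RE.finditer(line):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields


def is_dns(fields: Dict[str, str]) -> bool:
    """DNS over UDP (17) or TCP (6) to port 53; service label alone is not trusted."""
    return fields.get("dstport") == "53" and fields.get("proto") in ("6", "17")


def find_rogue_dns_clients(lines: List[str], approved: Set[str]) -> Dict[str, List[str]]:
    """Map each source host that queried an unapproved resolver to the resolvers it used."""
    offenders: Dict[str, Set[str]] = {}
    for line in lines:
        f = parse_line(line)
        if not is_dns(f) or f.get("dstip") in approved:
            continue
        offenders.setdefault(f["srcip"], set()).add(f["dstip"])
    return {ip: sorted(dsts) for ip, dsts in offenders.items()}


def build_nac_events(offenders: Dict[str, List[str]]) -> List[str]:
    """One event per offending host, in an assumed format a NAC action could be mapped to."""
    return [f"event=unapproved_dns host={ip} resolvers={','.join(dsts)}"
            for ip, dsts in sorted(offenders.items())]


if __name__ == "__main__":
    for event in build_nac_events(find_rogue_dns_clients(SAMPLE_LOGS, APPROVED_RESOLVERS)):
        print(event)
```

Only 10.1.1.21 is reported: the host that talks to the approved resolver and the HTTPS-only host produce no event.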
I don't quite understand how to do this.
You can check this video on Fortinet Video Library for more details.
I don't have this menu, is it licence-related?