mrimmune
New Contributor

Fortiswitch NAC user policy identification

Hello team.

What kind of users can be used in a FortiSwitch NAC user policy?

1. local?

2. active directory - if so, only via captive portal or another way?

....

thanks a lot!

Michael 

ebilcari
Staff

You can find all possible configurations in this section of the guide. This feature is mostly used for devices (dummy); it can also be used for user groups or EMS tags, but it's not flexible enough to be considered a full NAC solution.

FortiNAC offers a complete NAC solution; you can read more about it here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
mrimmune

Thanks a lot for the response.

I know that FortiSwitch is not a full NAC solution, but anyway it is unclear to me which users or user groups can be used in the FortiSwitch NAC solution.

In one of the articles I see AD users being used via captive portal.

Why do I need to use a captive portal when the FortiGate sees the username and IP of the connecting device?

Thanks

Michael

ebilcari

I think that FGT will need an active authentication method in order to switch the VLAN on the port, so CP is required. Using a user group from a passive authentication method like FSSO may not be enough to identify the connected host.

- Emirjon
Sheikh
Staff

Hello @mrimmune

In order to apply user-based NAC policies, please see this Article.

Regards,

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**