Hello, everyone.
Is there a way in FortiNAC to prevent a host with persistent agent to connect to, for example, a guest network SSID if they had previously signed in into a corporate network SSID?
Thank you all!
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 10-16-2023 11:28 AM Edited on 10-16-2023 11:29 AM
In that case it is simple, just add a policy similar to this one:
So any host with persistent agent connecting to Guest SSID will find itself in isolation network.
You can do it as suggested or change the User/Host profile for the Guests to limit only for the GuestSelfRegistration role (existing users will have a different role) and no Agent communicating like shown below:
Hello
You can do so only if your Guest SSID is controlled by FortiNAC.
But in some installation the Guest SSID may not be controlled by FortiNAC (for license optimization or to simplify Guest SSID usage). In that case, your FortiNAC can't control who can or who can't connect to it.
However you should be able to do this restriction at lease by blocking traffic at firewall level, by enabling tags between FortiNAC & your FortiGate, then by denying traffic coming from the Guest VLAN for the specific hosts/users.
Hello, AEK
Thanks for your response. Indeed we have both the guest and production SSIDs controlled by FortiNAC. What we are trying to achieve is to let our coworkers that have the persistent agent to connect to the production SSID (which has limited Internet access) but prevent them from connecting to the guests SSID that is Internet "free".
Thanks!
Created on 10-16-2023 11:28 AM Edited on 10-16-2023 11:29 AM
In that case it is simple, just add a policy similar to this one:
So any host with persistent agent connecting to Guest SSID will find itself in isolation network.
You can do it as suggested or change the User/Host profile for the Guests to limit only for the GuestSelfRegistration role (existing users will have a different role) and no Agent communicating like shown below:
Thanks!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.