Let's say I have a switch/AP that is being managed by a platform like FortiManager or Mist (Juniper). If changes are made with these tools, I'm assuming that:
- NAC will poll the switch/AP as usual and get the new parameters like VLAN ID, etc.
- Run policies as usual and make changes to switchports accordingly.
Is this correct?
Any best practices for NAC when using such management tools?
Don
As per my knowledge, FortiManager manages FortiSwitches and FortiAPs only if they are managed by FortiGate.
FortiNAC also manages standalone FortiSwitch.
Check the below docs for both cases.
Hope it helps.
Technically, each time a device configuration is done outside of FNAC, a manual 'Resync Interfaces' needs to be performed (it can also be scheduled as shown here). Depending on the type and the frequency of the configuration changes done externally, it may have undesired results for the integration with FNAC.
I would suggest using RADIUS and dynamic VLAN assignments in order to not rely on configuration changes for changing VLANs or enforcing policies.
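As an added illustration (not part of the thread and not Fortinet code), this is how a dynamic VLAN assignment appears in a RADIUS Access-Accept: the three tunnel attributes defined in RFC 2868 and RFC 3580, parsed and checked. The sample packet, VLAN values and helper names are constructed for the example, and the authenticator is zeroed rather than computed.

```python
import struct

# Attribute types and values for VLAN assignment (RFC 2868, RFC 3580).
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802, ACCESS_ACCEPT = 13, 6, 2

def parse_attributes(packet: bytes):
    """Yield (type, value) for each attribute TLV in a RADIUS packet."""
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20  # code(1) + id(1) + length(2) + authenticator(16)
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def assigned_vlan(packet: bytes):
    """Return the VLAN an Access-Accept assigns, or None if it assigns none."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    seen = {}
    for atype, value in parse_attributes(packet):
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE) and len(value) == 4:
            seen[atype] = int.from_bytes(value[1:], "big")  # byte 0 is the tag
        elif atype == TUNNEL_PRIVATE_GROUP_ID and value:
            # A leading byte of 0x1F or less is a tag, not part of the VLAN string.
            raw = value[1:] if value[0] <= 0x1F else value
            seen[atype] = raw.decode("ascii", "replace")
    if (seen.get(TUNNEL_TYPE), seen.get(TUNNEL_MEDIUM_TYPE)) != (TYPE_VLAN, MEDIUM_IEEE_802):
        return None  # RFC 3580 VLAN assignment uses all three attributes
    return seen.get(TUNNEL_PRIVATE_GROUP_ID)

def attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def build_packet(code: int, attrs: bytes) -> bytes:
    # Constructed sample only: the 16-byte authenticator is zeroed, not computed.
    return struct.pack("!BBH", code, 1, 20 + len(attrs)) + bytes(16) + attrs

VLAN_ATTRS = attr(64, b"\x00\x00\x00\x0d") + attr(65, b"\x00\x00\x00\x06")
SAMPLE_ACCEPT = build_packet(ACCESS_ACCEPT, VLAN_ATTRS + attr(81, b"120"))

if __name__ == "__main__":
    print("assigned VLAN:", assigned_vlan(SAMPLE_ACCEPT))
```

With this approach the VLAN travels with the authentication result, so the port's VLAN does not depend on the NAC's cached view of the switch configuration.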
Copyright 2024 Fortinet, Inc. All Rights Reserved.