Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
By default Windows remember the last cached credentials of the user but the access to the DCs can still be provided while the hosts are in the isolation networks. The Allowed Domain feature is used for that.
In my opinion I don't think there is a specific recommendation. The best option is to discuss it with your customer.
Some customers want security more than productivity, and some others the opposite. Some others want the set default VLAN for some port to Guest VLAN, and for some other (office/VIP) ports to Prod VLAN (for productivity just in case FNAC goes down).
The point is once you explain this to your customer he will understand and "he" will decide what is the best option for his case (and for each set of ports) and what is more compliant to his company's policy.
AEK, makes sense. A follow-up question....
In a windows environment, does the user need to start on a vlan that at least has access to the domain controller to authenticate before any NAC policy is applied ?
Thanks !
By default Windows remember the last cached credentials of the user but the access to the DCs can still be provided while the hosts are in the isolation networks. The Allowed Domain feature is used for that.
that's great - thanks!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.