To All,
Does anyone have any ideas for how to allow Clients with Static IP's to show as On-Net when on the internal network? In our specific case, our servers are all set with a static IP address. FortiClient running on the Servers (2012R2) only show as off-net. Therefore, components like Web Filtering are managed at the client and not by the FortiGate. It would be best if they could show as On-net.
We are using the DHCP Scope Option 224, as suggested in the following thread, with great success, for all other clients. Thanks in advance for your help and suggestions!
https://forum.fortinet.com/tm.aspx?m=112938&high=on-net+off-net
Thanks,
-foshejh
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have the same question as well. We are wanting to implement the FortiClient piece on our Servers but want to ensure they show as on-net versus off-net so web-filtering is disabled while they are on the network. The DHCP 224 works great for the workstations but not for devices that are statically assigned.
FortiOS 5.4 and FortiClient 5.4 both allow users to specify the IP subnet address for use in determining on-net/off-net status. If the endpoint's IP address is in the defined subnet, it will be considered on-net. This may be combined with the use of the DHCP option.
This is included in 5.4.0 Beta 1 on both FortiClient and FortiOS. You may want to try Beta 2 to see if it addresses this for you.
Kolawale,
Thank you very much for your reply! It is great to know that FortiNet is working through the Beta testing of FortiClient 5.4. Recently, we upgraded FortiOS and FortiClient from 5.2.3 to 5.2.4. Is was not a great experience for us, as we encountered a lot of new problems. Therefore, a few days later, we downgraded back to 5.2.3. I would love to try the Beta version, but we are not in a situation where we can slow down production at the office with Beta testing. Therefore, it looks like we will need to wait for a later release, after more testing has been completed.
Again, I appreciate your reply and look forward to future releases of FortiClient. I hope that some resources are studying the Application Firewall as well in release 5.4. I would not mind trying the beta version of FortiClient only, if it is compatible with FortiOS 5.2.3 to test these two items. I would love to be helpful if I could.
Sartuche,
Please take note of the issues that we experiences with FortiClient on our Servers. https://forum.fortinet.com/tm.aspx?m=126238. Our particular setup may be different, but it seems that there are not a lot of businesses using FortiClient on Servers? Once we disabled the Application Firewall, everything seems to be running much faster and smoother now.
Thanks,
-foshejh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1529 | |
1027 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.