Hello,
all clients are in the 192/24 network, and the DHCP is installed on a Windows Server. I want all new clients to not receive an IP address initially or immediately access the internal network, but instead be released through a policy. WLAN devices should be exempted from this, as they are connected to Ubiquity APs and the 'Client Device Isolation' setting is activated. These clients do not enter the internal local network anyway and should therefore not be released separately. Is there a way to solve this without VLAN?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
that has afaik to be done on the windows dhcp then. It must be configured to not give anyone an ip unless permitted to. The FortiGate can only relay DHCP Requests to the windows DHCP.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thank you for your response. I tried this on our Windows Server and activated the MAC Filter "Allow" and "Deny". Clients only receive an IP if they are in the "Allow" folder; otherwise, they are denied. The issue here is that all new Wi-Fi clients should be able to access the internet regardless without needing explicit permissions, as they are already isolated. For example, if a customer visits our company and wants to connect, they should be able to reach the internet. However, if someone comes with a notebook and tries to plug in a LAN cable, that should be denied.
Hi
But if the client set a static IP he will be able to connect, right?
If so then this is not good setup and you should do it otherwise. I think you have two choices:
Hi,
I think what you are looking for is a guest wifi where users would still be assigned an ip but from a different subnet and policies will allow them access to the internet only and you can have the added security of a captive portal for example:
Otherwise, I suggest NAC segmentation but that would be using vlans and assuming you have managed fortiswitches in the environment:
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/856212/nac-lan-segments-7-0-1
saleha
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.