Hi Team,
We are running FortiNAC v9.4.1, and we need to run checking if 'agent joined Windows Domain'. Can you share us the guide for this task?
Thanks a lot.
If I understood your request correctly, you want to update the host with domain users that are logged in? If yes this can be achieved with the Passive Agent. Just create a entry in Policy & Objects > Passive Agent without specifying much settings. It allows FortiNAC to process the information coming from Persistent Agent regarding the domain logged in user on the PC that have the agent installed.
You can read more about it here: https://docs.fortinet.com/document/fortinac/9.4.0/administration-guide/60485/using-windows-domain-lo...
Hi emirjon,
Thank you so much for your response.
it isn't our case. We would like to create a policy: 'a PC (running persistent agent) can connect to Employee VLAN only if it is joined domain example 'abc.bank.vn'.
Created on 02-10-2023 10:39 PM Edited on 02-10-2023 10:40 PM
Hi
1st you need to create a custom scan (Policy & Objects > Endpoint Compliance > Scans > Custom Scans) and configure a Windows Domain check policy. Add in the appropriate place the domain. (It's actually the NetBIOS name, not domain)
2nd attach that custom scan to a compliance check (Policy & Objects > Endpoint Compliance > Scans > Add > Windows > Custom > Tick the custom scan you just created)
There may be other methods too, like registry checking for certain keys and so on, but IMO that's probably the simplest to get you going.
Created on 02-14-2023 07:47 AM Edited on 02-14-2023 07:49 AM
In addition to Jason response, you can create a dedicated Scan, add the same logic and if you don't want to change the host status to "at risk" but just to change their access you can create a configuration that changes only the roles like the example below:
And than create a Network Access Policy to assign different VLANs based on this new roles. If the domain check succeed the host will be assigned the Corporate role, on fail something else.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.