Hello Dan
To do real NAC and seamless authentication you need FortiClient EMS in addition to what you already have. It will allow you to do NAC based on AD groups, posture (AV, vulnerabilities, updates, ...) and other ZTNA tags, plus IPsec, Web filter, and other features. In addition, your offsite hosts remain under control as well.
If you don't have ZTNA for the moment then you can do very basic NAC (MAC, vendor, ...), you can also do seamless authentication for your Corp hosts with FSSO, but it is L3 and less secure. You can add security with RADIUS via client certificate authentication, but here we are starting to make things more complicated than the first option.
Hi AEK,
Thanks for the response.
I was thinking that, unfortunately, with the "NAC Lite" features I can only, as mentioned, do very basic NAC, and due to the amount of devices this just isn't feasible using MAC or vendor. We will be deploying FortiClient ZTNA but at a later date, so I need an alternative solution to bide the time.
Since we use Entra ID I was looking into authentication with Entra ID as a SAML IdP. Do you think that this would be a good option, and do you have any experience with this?
Outbound firewall authentication with Microsoft Entra ID as a SAML IdP | FortiGate / FortiOS 7.4.1 |...
Many thanks,
Dan.
For corporate users I would suggest enforcing 802.1X with EAP-TLS.
It is also the authentication method that fulfills NIST compliance for identification and auth control.
For web filtering when hosts are off site/remote you can either use ZTNA with EMS, which will require FortiClient on all laptops, or you can use the agentless method with FortiSASE acting as a secure web gateway. In this case you can achieve authentication for users by configuring Entra ID as a SAML IdP.
Copyright 2024 Fortinet, Inc. All Rights Reserved.