JLpanda
New Contributor

Wireless NAC limitations with FortiGate 40F & FAP-221E

I have a small lab setup consisting of a FortiGate 40F-3G4G (7.2.8), a FortiSwitch 108E-POE (7.2.7) and a FortiAP 221E (7.2.3). They are being managed by FortiManager Cloud (ADOM Version 7.2).

I am trying to configure some basic NAC policies for both the wired and wireless network. I have been able to get the wired network NAC working, but am having issues with the wireless NAC. I understand that with these Switch and Gate models connected directly, NAC VLAN Segmentation is a no go, but I was still able to get NAC working on the wired LAN by disabling this.

 

With the wireless NAC, I am following this guide here (page 41). All the commands can be entered without issue; however, step 4 (Enable NAC on the SSID and select the configured policy) just doesn't stick. If I enter it directly via CLI or via the CLI Configurations section of FortiManager, I do not see any errors. But then, when I check either via the CLI or on the CLI Configurations section of the GUI, the NAC is disabled.

My question is whether what I'm trying to do is actually impossible in this setup (due to NAC VLAN Segmentation limitations) or do I potentially have another issue?

3 REPLIES
Anthony_E
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
JLpanda
New Contributor

Hi Anthony,

 

I have also logged this with TAC, and the FortiManager team are looking into it. I'll update this post with any of their findings.

 

Just to clarify the issue: I can follow the guide and get everything working using CLI. The config will sync back to FortiManager OK. But as soon as I go through the install wizard from FortiManager back to the Gate (even without making any further changes to actually install), FortiManager installs CLI commands that disable NAC on the VAP and delete any manually added NAC-Policies (see Install Preview).

 

FMG Install Preview.png

 

Like I say, I think this might be some limitation with NAC with this particular combo of devices, but it does work fine when set up using CLI so I'm not sure. Could be me just doing something wrong. This setup is just part of a little lab I'm using for training. I'll update as soon as I know more.
