fortinac version:7.2.0.0035
persisten agent verion: 9.4.0.93
use L3 isolation model, power on a rogue pc (with PA), the fortinac put the pc into an isolation network and assign dns server ip (fortinac eth1 ip) to the rouge pc, in this senario the persisten agent on rouge pc trying to communication to nac controller, first step should send the dns request to dns server (fortinac eth1 ip) trying to get the ip of nac controller, however nac dns response it's eth1 ip to rouge pc not eth0 ip, is there any missconfiguation?
Solved! Go to Solution.
This is the expected behavior. While being in isolation the host communicate with FortiNAC using isolation networks (from eth1 interface).
Are you having problems with Agent communication? You can check the agent logs from the PC [C:\ProgramData\Bradford Networks\general.txt] for any reported problem.
Take a look at this article: https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Troubleshooting-the-Persistent-agent/ta-p/1...
or checking the logs from FortiNAC debugs:
https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Persistent-Agent-not-able-to-start-communic...
This is the expected behavior. While being in isolation the host communicate with FortiNAC using isolation networks (from eth1 interface).
Are you having problems with Agent communication? You can check the agent logs from the PC [C:\ProgramData\Bradford Networks\general.txt] for any reported problem.
Take a look at this article: https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Troubleshooting-the-Persistent-agent/ta-p/1...
or checking the logs from FortiNAC debugs:
https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Persistent-Agent-not-able-to-start-communic...
thanks for your explianing, the PA logs without error.
If host state is Rogue > And the system group membership is "Forced Registration(port)" > Then change VLAN to Registration
eth1 will provide DNS services to the host
thanks for your reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.