I'm looking for some best practices for setting the 'starting default'
wired switchport vlans when deploying NAC. What is reccommended for each
of these cases ?a) dead end VLAN with zero access ?b) guest network VLAN
that denies access to any corpora...
Seeking a Fortinet solution to replace our Umbrella DNS Advantage for
remote users. The goal is to enforce DNS filtering for all remote users,
regardless of whether or not they are on/off VPN. Forticlient doesn't
support the DNS filtering profile (on...
For my FortiCloud subscriptions (FAZ, FMG, Sandbox, EMS) - Our
compliance team needs documentation that our data is kept in US
datacenters only. How is this handled and is there any documentation
that proves it ? Thanks, Don
When trying to move sub-interfaces from one physical port to another, my
policy package in FMG throws errors... Seems like I have to manually
update every policy. Is there a way to get the policy to track the
changes and auto-correct itself ? Thanks,...
Let's say my environment consists of 1 spoke and two hubs. All sites
have at least 1 ISP. There is an MPLS link between each spoke and the
hub, no MPLS between spokes.Spokes will route through the Hub via MPLS
via OSPF to reach each other.If an MPLS ...
AEK, makes sense. A follow-up question....In a windows environment, does
the user need to start on a vlan that at least has access to the domain
controller to authenticate before any NAC policy is applied ? Thanks !
My thought was running these CLI scripts from FMG: 1) Policy Package -
Replace vlan interface with "any". Must install the policy because all
subsequent configs will fail.2) Device Database - In the VLAN interface,
unset the existing physical port, t...
