What are some of the ways you can place rogue hosts in an isolation VLAN?
I know that you can choose a managed switchport and set the port to
Forced Remediation/Registration/Default. But that doesn't seem scalable.
What happens if a rogue host shows ...
I'd like to use FAC's TACACS+ service. Users will be pulled in from
EntraID via SAML. Of course Entra has MFA via MA Authenticator. What
happens in this scenario? FAC couldn't broker Entra's MFA, right? Would
I need Fortitokens in this case to do MFA...
I'm looking for a configuration example on the FortiAP to solve this use
case. Client connects to an Open SSID, gets an IP from FortiNAC's
registration interface. It is then directed to FortiNAC registration
portal. Once the user is authenticated, NAC ...
Goal is to create identity based FW policy. We are looking at using FCT
Mobility Agent and FAC Cloud. Trying to wrap my head around the impact
in the event of a loss of connectivity anywhere in this path. SSOMA <-->
FAC Cloud <--> Fortigate. How long...
That is correct @ebilcari. I just created a Host/User profile "Where
Host Type is Rogue", then Access Policy that uses that profile to move
it to the Isolation logical network. This works.
Is it safe to say that until the new feature request becomes available,
there is only 1 option to accomplish my firewall tagging requirement:
Purchase and deploy Entra Domain Services?
@ebilcari - You are correct. On NAC - version 7.2.8 I see the same
thing. Policy Details says no tags being sent, but on the Gate it
shows the tag and IP address. Thanks!