I have 40 Windows servers that perform unique functions and want ZTNA
access to all of them. I guess there are a couple of different ways: 1)
Unique public IPs for ZTNA TCP Forwarding Server with the same external
port being 3389, and internally mappe...
I am hitting the correct NAC policy which should send a CoA to my
FortiGate WiFi controller to change the VLAN. Logical Network portion
working correctly. PCAPs on gate and NAC not showing any traffic being
initiated. Other policies are properly send...
Is there a way to automatically map AD Groups to Workgroups for use in
Policies? I saw this article that seems to support it in 6.2. Seems the
functionality is missing in 7.4.1
https://docs.fortinet.com/document/forticlient/6.2.0/new-features/280319/...
Currently I have a typical Active Directory on-prem setup. 1- Persistent
Agent gleans the username from the PC. 2- NAC is linked to AD and pulls
the group info for the user. 3- NAC sends the group tags to the FortiGate
for use in FW policy to limit ac...
I am successfully receiving dynamic firewall tags on my gate from NAC. I
would now like to set up FSSO Firewall User Tags. The FSSO communication
on port 8001 is established (NAC port 1 has allow fsso). However, I am
not getting any users/groups listed....
Is it safe to say that until the new feature request becomes available,
there is only 1 option to accomplish my firewall tagging requirement:
Purchase and deploy Entra Domain Services?
@ebilcari - You are correct. On NAC - version 7.2.8 I see the same
thing. Policy Details says no tags being sent, but on the Gate it
shows the tag and IP address. Thanks!
Team, I figured out the issue. It seems that the Proxy Policy I created
had some kind of conflict with my ZTNA Firewall Policy. When I disabled
the FW policy (which just allowed access to the defined ZTNA servers),
things worked as expected with both...