Here's my take on a basic best practices for securing corp wifi... Any
feedback would be much appreciated. Client = 802.1x supplicant and certs
installed on the machineAuthenticator = Wifi ControllerAuthentication
Server = RADIUS serverDomain control...
Is it possible to configure FSA to do a dynamic scan on a certain VM
clone based on the user or machine the file came from ? For instance, if
the file came from a Windows 11 user, is it possible to force the
dynamic scan to a Windows 11 clone only ?
I'm looking for some best practices for setting the 'starting default'
wired switchport vlans when deploying NAC. What is reccommended for each
of these cases ?a) dead end VLAN with zero access ?b) guest network VLAN
that denies access to any corpora...
Seeking a Fortinet solution to replace our Umbrella DNS Advantage for
remote users. The goal is to enforce DNS filtering for all remote users,
regardless of whether or not they are on/off VPN. Forticlient doesn't
support the DNS filtering profile (on...
For my FortiCloud subscriptions (FAZ, FMG, Sandbox, EMS) - Our
compliance team needs documentation that our data is kept in US
datacenters only. How is this handled and is there any documentation
that proves it ? Thanks, Don
Thanks AEK, definitely see how NAC provides the control once auth is
complete. Regarding the Wifi RADIUS EAP-TLS, I have a follow up.What is
the best practice - to use Machine Cert or User Cert for authentication
in a Windows AD environment ?I would ...
AEK, makes sense. A follow-up question....In a windows environment, does
the user need to start on a vlan that at least has access to the domain
controller to authenticate before any NAC policy is applied ? Thanks !
