Technical Tip: Comprehensive guide for a simple Fo...

Hatibi · 12-27-2024

Description This article describes how to identify the RADIUS reject cause when EAP-MSCHAPv2 is used as authentication method. Scope FortiNAC-F. Solution MSCHAPv2 is a challenge response protocol and a widely used EAP authentication method. In such i...

Hatibi · 12-05-2024

Description This article provides some examples of the methods that can be used by FortiNAC in order to control access for BYOD scenarios. Scope FortiNAC-F, FortiNAC. Solution Companies normally have in place BYOD policies, to allow their users to br...

Hatibi · 11-26-2024

Description This article describes best practices and recommendations for FortiNAC hardening. Scope FortiNAC-F v7.4.0 and greater. Solution FortiNAC is a Network Access control solution Server that is available in both Hardware and Virtual Machine(VM...

Hatibi · 11-20-2024

Description This article describes how FortiNAC can provision switchports on any Network inventory device to support AP free seating and apply control to any type of endpoint connecting to the infrastructure switches. Scope FortiNAC-F, FortiGate, For...

Hatibi · 11-19-2024

Description This article shows how to configure and validate RADIUS accounting configuration in order to update the Switchport state when a host disconnects. Scope FortiNAC-F. Solution The RADIUS protocol is one of the methods that FortiNAC uses for ...

Hatibi · 12-18-2024

Well, when you said the AP is dissapearing from DHCP table i presumed they were not retaining IP configuration. - after restart, APs get their IP from DHCP on Fortigate, but later they disappear from DHCP table You did not mention that the AP keeps i...

Hatibi · 12-17-2024

Have you configured DHCP reservations in FortiGate for your APs? If that is possible, try and set that up and then check if the issue still occurs for the APs.

Re: Unknown user logs in endpoint logs · 12-12-2024

Apparently this is intended in 7.2.X Explained in this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-TIp-Dial-up-IPsec-shows-Unknown-User-under/ta-p/339137 UNKNOWN user provide extra information about the overlay tunnel setting...

Hatibi · 12-09-2024

I would suggest collecting a HAR capture from your browser while you recreate the issue. (https://toolbox.googleapps.com/apps/har_analyzer/) Then open a case with TAC support to investigate that and any additional debug that might be required.

Hatibi · 12-05-2024

The request is being sourced from 172.27.1.98. Is the switch added with this IP in FortiNAC? FortiNAC will ignore RADIUS requests when these are not coming from a Source IP it has in the inventory view. Enable following debugs in FortiNAC: diagnose d...

User Statistics

User Activity

Technical Tip: Random failures with message: 'Access-Reject-Event- Credentials Invalid (MSCHAP2)'

Technical Tip: Control BYOD access

Technical Tip: FortiNAC Hardening

Technical Tip: FortiNAC 'Colorless ports' support based on 802.1x RADIUS authentication.

Technical Tip: Use RADIUS Accounting to dynamically update port state when hosts disconnect

Re: Problems with WiFi FortiOS 7.4.5 and FAP sw 7.4.4

Re: Problems with WiFi FortiOS 7.4.5 and FAP sw 7.4.4

Re: Unknown user logs in endpoint logs

Re: FML 7.6 CLI issue

Re: Issue with dot1x Configuration on FortiNAC

Technical Tip: Comprehensive guide for a simple Fo...

Technical Tip: Run tcpdump in FortiNAC-F and save ...

Troubleshooting Tip: Host visibility issues in For...

Technical Tip: FortiGate explicit proxy authentica...

Technical Tip: FortiNAC general troubleshooting gu...

Re: Issue with dot1x Configuration on FortiNAC

Re: FortiNAC restrict access to container

Re: Fortinac

Re: How to remove Session List ID

Re: Fortinet with Starlink. If not active Starlink...

KCS