mostafahasanin38
New Contributor

FortiNAC BYOD

Hi All,

 

We are deploying FortiNAC BYOD and testing it on a wired connection first, then we will deploy on wireless.

 

We have an issue: the BYOD device is placed in the isolation VLAN successfully, then redirected to the FortiNAC Portal, but the portal takes a long time (5 minutes) to load. Also, after the user logs in using LDAP credentials, he downloads the Dissolvable Agent successfully and installs it, but the Dissolvable Agent triggers an error "Unable to obtain configuration from Server" and asks for the server IP; when entering the server IP, the same error persists.

 


Could you please support?

3 REPLIES
AEK
Contributor II

Hello Mos

FortiNAC is extremely capricious software; any little parameter (out of hundreds) in your env that is not configured as it wants will lead to various kinds of issues. I can tell you that FortiNAC is the most capricious and complicated software I've seen in my 15-year career.

 

So for your first issue, the portal may not auto-display until you request some URL in your browser, or it may be caused by the DHCP address probably arriving late because your client may not have refreshed its dynamic address when it should have; these are one or two of the many possible scenarios. So try checking your client's IP address while you are waiting for the portal to display.

 

For the second issue, as far as I remember it happens when you don't have a valid certificate on your server portal, or if the certificate is not recognized by the client; in version 9 the dissolvable agent is enforced with https. So when you are prompted you should enter the protocol before the IP, i.e.: http://x.x.x.x/some_path, this should work.

I think there is probably "some_path" but sorry I don't remember it.

 

mostafahasanin38

Hi AEK,

 

Regarding the Dissolvable Agent issue, it is resolved and working fine.

But I have an issue: network enforcement is not happening, as FortiNAC doesn't switch the wireless VLAN from isolation to production.

Do you know specific steps to make the SSID force VLAN switching, or do you have a guide that explains FortiNAC SSID enforcement?

I have already added the SSID to the force-authentication and role-based groups; then in the SSID model configuration I set it to custom, not inherit, and enforced the isolation and production VLANs.

The host matches the network access policy successfully, but doesn't get the access VLAN.

ebujedo
Staff

Hi mostafahasanin38,
FortiNAC switches VLANs in different ways (REST API, SSH, RADIUS, etc.) depending on the product integration (FortiAP, Cisco, Ruckus, etc.).
You can find all our supported integration guides here:
https://docs.fortinet.com/product/fortinac/8.8
Which of these is your case?

Best regards.

Ezequiel Bujedo