Technical Tip: Useful CLI commands in FortiNAC-OS ...

ebilcari · 05-12-2025

Description This article describes an issue that may affect setups that are upgraded from firmware v9.x running in CentOS to firmware v7.x running in FortiNAC-OS. The captive portal is not reachable, the reason (error 503): 'Service Unavailable. The ...

ebilcari · 05-06-2025

Description This article describes an example of how to set up VPN session management for a FortiGate in FortiNAC using the Dissolvable Agent on the end host, along with key troubleshooting steps. Scope FortiNAC, Dissolvable Agent and FortiGate. Solu...

ebilcari · 04-17-2025

Description This article describes an example of how to set up FortiNAC and Persistent Agent communication in a simplified network. Scope FortiNAC and Persistent Agent. Solution Network design and IP planning. Below is an example of a network diagram...

ebilcari · 04-01-2025

Description This article describes how to extract and utilize the FortiNAC MIB file in a Network Monitoring System. This helps monitor the FortiNAC setup itself, like its hardware components, license usage, and the details of clients and managed devi...

ebilcari · 03-17-2025

Description This article explains a behavior that may occur when attempting to uninstall or install a Persistent Agent package on a Windows host where the software was originally installed via Group Policy. Scope FortiNAC and Persistent Agent. Soluti...

ebilcari · 05-30-2025

Ok, that part seems fine. You can also check if the user is matching the correct policy, you can try to move it on top or check the debug logs for more details.Can you also specify which firmware version is FortiAuthenticator currently running?

ebilcari · 05-30-2025

I think this should be the standard behavior for all the switches, it can not learn a multicast MAC in a port and should drop the traffic. I can not test it at the moment but I guess this event will be created 'Corrupt MAC packet detected'.

ebilcari · 05-30-2025

The main reason for this packet counter to go up could be the MTU mismatch between nodes. Are this configurations unified, some details are covered in this article.

ebilcari · 05-30-2025

I did a quick search internally and found a similar case, the group filter need to be enabled under 'Identity sources' in the RADIUS policy in order for the attributes to be sent. Can you check if this is similar to your case?

ebilcari · 05-29-2025

You can refer to this article: Technical Tip: How to check and verify a RADIUS attribute that is configured in a remote group setting on FortiAuthenticator I would also suggest to start with minimum attributes, NAS devices tend to ignore all the attr...

User Statistics

User Activity

Troubleshooting Tip: Captive portal not reachable after FortiNAC upgrade: 'Service Unavailable'

Technical Tip: A simple network example of deploying VPN management with FortiGate

Technical Tip: A simple network example of deploying Persistent Agent in FortiNAC

Technical Tip: Monitor FortiNAC's status via SNMP using a network monitoring system

Troubleshooting Tip: Agent installation through Group Policy

Re: FortiAuthenticator - Wireless dot1x with remote ldap - CoA not working

Re: Fortiswith blocking MAC addresses with unidentified OUI

Re: Oversized packet stat on uplink to fortigate and fortilink ports

Re: FortiAuthenticator - Wireless dot1x with remote ldap - CoA not working

Re: FortiAuthenticator - Wireless dot1x with remote ldap - CoA not working

Technical Tip: Useful CLI commands in FortiNAC-OS ...

Technical Tip: An example of a simple network depl...

Technical Tip: Performance issue and some general ...

Technical Tip: A simple deployment including Forti...

Technical Tip: Update Persistent agent through For...

Re: FortiGate/FortiManager Rest API call for lice...

Re: Configuring IPSec IKEv2 tunnel for dial up con...

Re: FortiNAC VPN management with FortiGate (IPsec ...

Re: FortiNac 9.4.6 to 9.4.7

Re: Custom Email Notifications

KCS

User Statistics

User Activity

You are leaving our website