Technical Tip: Leveraging Domain Group Membership ...

scitlak · 02-19-2025

Description This article describes how to find the correct RADIUS Attribute values stored by FortiNAC and create a 'User Host Profile' by using the correct RADIUS Attribute values. Scope FortiNAC, FortiNAC -F. Solution When FortiNAC receives a RADIUS...

scitlak · 01-23-2025

Description This article describes how to configure FortiNAC to retrieve the LDAP Group membership of a host by using MSCHAPv2 Machine based authentication and to set a host role depending on a host LDAP Group membership. Scope FortiNAC-F v7.6. Solut...

scitlak · 01-06-2025

Description This article describes how to enable TLS 1.3 and the appropriate ciphers for Persistent Agent in FortiNAC. Scope FortiNAC, FortiNAC-F. Solution Since Persistent Agent 7.6.0 requires TLS 1.3, it is mandatory to enable TLS 1.3 and appropria...

scitlak · 12-19-2024

Description This article describes how to change Default Enforcement on an SSID by using CLI. Scope FortiNAC, FortiNAC-F. Solution FortiNAC does not allow to change Default Enforcement as 'deny' or 'bypass' by using GUI. However, it can changed by us...

scitlak · 12-19-2024

Description This article describes how to configure FortiNAC to send SSO tags to a Downstream FortiGate in a Security Fabric environment. Scope FortiNAC -F, FortiNAC. Solution In a Security Fabric environment, if FortiNAC learns a host from a downstr...

scitlak · 02-14-2025

Hi, There is no special doc for Meraki Guest Wifi or any other vendor. The logic for guest wifi is always the same and you can check the below KB. FortiNAC Guest Captive Portal configurati... - Fortinet CommunityBRs

scitlak · 01-10-2025

You can not restrict web page access from FortiNAC directly. But you can send a SSO tag to your FortiGate depends on your Network Access Policy and you can configure the Firewall Policy depending on your SSO Tag sent by FortiNAC.https://docs.fortinet...

scitlak · 11-15-2024

Hi, You may find some OIDs in FORTINET-FORTIEXTENDER-MIB.mib that can provide some useful information for your SIM data usage. fext info modem data usage index --> oid 1.3.6.1.4.1.12356.121.21.3.3.1.1 fext info modem data usage modem --> oid 1.3.6.1....

scitlak · 11-05-2024

Hi, You may use the same certificate for all of them or you may generate different certificates for each of them. Especially for the portal, if you would like to guest registration, it would be better to have a publicly signed certificate. As I menti...

scitlak · 11-05-2024

Hello, You probably use the default TLS certificate for your Persistent Agent in FortiNAC. According to logs, PA tries to establish an SSL/TLS handshake with your FortiNAC but it fails since the FQDN is not in the CN or SAN of your Certificate. Your ...

User Statistics

User Activity

Technical Tip: How to find the correct RADIUS Attributes values stored by FortiNAC

Technical Tip: How to configure FortiNAC to set host role by using MSCHAPv2 Machine Authentication

Technical Tip: How to enable TLS 1.3 for Persistent Agent in FortiNAC

Technical Tip: How to change Default Enforcement on an SSID by using CLI

Technical Tip: How to configure FortiNAC to send SSO tags to a Downstream FortiGate in a Security Fabric

Re: GUEST WIFI - AP MERAKI

Re: Could FortiNAC restrict the end users to access some webpages?

Re: Monitor SIM Card usage of FortiExtender

Re: Certificate error message when device is redirect to Captive portal

Re: Certificate error message when device is redirect to Captive portal

Technical Tip: Leveraging Domain Group Membership ...

Technical Tip: FileTransfer with TFTP for FortiNAC...

Technical Tip: How to find the correct RADIUS Attr...

Re: GUEST WIFI - AP MERAKI

Technical Tip: How to enable TLS 1.3 for Persisten...

Re: Certificate error message when device is redir...

Re: Fnac mac address discovery filter

Re: Radius Authentication with Dynamic VLAN Assign...

Re: FNAC - Dot1x auto registration role

KCS

User Statistics

User Activity

You are leaving our website