This video is a star!!! I really needed it to understand FortiNAC, thanks :)
Hi there, very informative video. Do you have any other videos about FortiNAC and how to deploy it, please?
Hello, very good video. Really interesting. I have a question.
If all the ports of all the switches are found in NAC mode and an attempt is made to connect a device that is not authorized, would this deny access until the NAC rule is made to allow it?
Basically nothing connects until it is authorized.
Regards
See 1:10 to 1:50 which covers it. The 'onboarding' VLAN is where the "non-authorized" devices are placed until they match a NAC rule. So as long as your firewall policies don't allow any access then that will achieve the end result that you are looking for.
Hello, I am from France and your videos are all very interesting. Very good job!!
Is it possible to add many MAC addresses in the same NAS rule?
Regards
Cedric
You can use a wildcard to make it more scalable. I don't believe you can add many MAC addresses to the same rule, though.
Hey, if I have a third-party downstream switch (such as Juniper) that I want to connect to upstream FortiSwitch. How can I tag all the VLANs on the FortiSwitch port that is connected to a third-party switch?
On the FortiSwitch port connected to the Juniper port, you would configure "Allowed VLANs" and specify the VLANs that you want communicated to the Juniper side. The allowed VLAN list for each port specifies the VLAN tag values for which the port can transmit or receive frames.
See more:
docs.fortinet.com/document/fortiswitch/6.4.6/administration-guide/146333/vlans-and-vlan-tagging#Allowed