FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 194272
Description
Guest users have access to the internal network.

Scope
Version: 6.x and Higher
Solution

Issue: A host that was registered on the guest network can later be plugged into a switch on the internal network and is not isolated by Network Sentry.


Solution: 

1.  Create a User/Host Profile that matches the following criteria:
    - Location = L2 Wired Switches (assuming this group covers all access switches).
    - User or host Security Access Value = Guest role value.

2.  Create a Network Access Configuration for the dead-end VLAN or the Guest VLAN.

3.  Create a Network Access Policy using the User/Host Profile and the Network Access Configuration created above.

4.  Set the new policy's rank to 1 (top of the list).
                     
5.  Place Ports in a group and add the group to Role Based Access (if not already done).
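
Why the rank in step 4 matters, shown as an added example (a simplified model, not FortiNAC code or output). It assumes policies are checked in rank order and the first match is applied; the policy names, VLAN labels, and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class Host:
    mac: str
    role: str       # stands in for the Security Access Value / role
    location: str   # port group the host is connected through


@dataclass
class Policy:
    rank: int
    name: str
    matches: Callable[[Host], bool]  # stands in for a User/Host Profile
    vlan: str                        # stands in for a Network Access Configuration


def guest_on_wired(h: Host) -> bool:
    # Profile from step 1: both criteria must match.
    return h.location == "L2 Wired Switches" and h.role == "Guest"


def any_wired(h: Host) -> bool:
    # Hypothetical pre-existing, broader profile for registered wired hosts.
    return h.location == "L2 Wired Switches"


def build(guest_rank: int, wired_rank: int) -> List[Policy]:
    return [
        Policy(wired_rank, "Registered wired hosts", any_wired, "INTERNAL"),
        Policy(guest_rank, "Guest on wired switch", guest_on_wired, "DEAD_END"),
    ]


def vlan_for(policies: List[Policy], host: Host) -> Optional[str]:
    # Assumed semantics: lowest rank is checked first, first match wins.
    for p in sorted(policies, key=lambda p: p.rank):
        if p.matches(host):
            return p.vlan
    return None  # no policy matched


# Constructed sample hosts (documentation MAC range).
GUEST = Host("00:00:5E:00:53:01", "Guest", "L2 Wired Switches")
STAFF = Host("00:00:5E:00:53:02", "Staff", "L2 Wired Switches")

if __name__ == "__main__":
    print("guest policy at rank 1:", vlan_for(build(1, 2), GUEST))
    print("guest policy at rank 2:", vlan_for(build(2, 1), GUEST))
    print("staff host, guest policy at rank 1:", vlan_for(build(1, 2), STAFF))
```

With the guest policy ranked below the broader wired policy, the guest host matches the broader policy first and lands on the internal VLAN, which is the behaviour described in the issue.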

