FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff
Article Id 194122

Description

Enabling the Captive Network Assistant (CNA) automatically opens a browser for authentication when a device is isolated. Upon connecting to the network, users will be notified that they are in a Captive Network and must visit the NAC portal to authenticate.
 

Note the following before enabling CNA:
  • This feature should not be used when using Endpoint Compliance Policies for MAC computers. Since macOS launches a mini browser, users cannot download items, such as the agent, from within the Captive Network Assistant.
  • Domains used to determine whether or not to launch the browser will differ. In addition, the end user experience can vary between vendor and operating systems.
  • This feature only runs a limited scope of Javascript, and HTML requests will not open a new browser window. Clicking a link while using this feature will result in the current browser window being replaced by the new browser window.


Scope
Versions  8.1 and lower

Solution

1)  Upgrade to a more recent software version before configuring CNA. Versions 8.1 and lower are no longer supported.  Refer to the release information section of the Fortinet Document Library for the latest information on code versions and upgrade instructions.
 
2) Once upgraded, refer to the Captive Network Assistant reference manual for instructions.
 
 
 
 

 

(For reference)

 

Instructions to Enable CNA in Network Sentry 8.1 and lower (only required for the iOS and OSX):  

 

1)  Go to System > Settings, select the Security node, and then select Portal SSL.

 

2)  Right-click next to the SSL Mode field, and select Inspect from the right-click menu.

3)  In the Developer Tool, enter "Security Level” in the search field and enter.
4)  Arrow down and select the display; none; table row style.
5)  Hover the cursor next to display; none; in the upper right panel.  A check box should display.
6)  Clear the check box.  The display: none; element style will be crossed-out.

The Enable the Captive Network Assistant option will now display in the Portal SSL window.

7)  Close the Developer Tool by clicking on the “X” in the upper right corner of the panel.
8)  In Network Sentry, select the Enable the Captive Network Assistant check box. When enabled, Apache will no longer capture requests from the CNA.





Contributors