FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 191456
Description
When a device is connected to an isolation VLAN (e.g., Registration, Quarantine, DeadEnd), the NAC Server/NAC Application Server acts as the DNS server.  Upon receipt of a DNS request from the isolated host, NAC returns the IP address of the isolation interface unless the domain is listed in the Allowed Domains page.  If a request for a domain listed in the Allowed Domains page is received, NAC sends a request to the customer's DNS server for resolution.  The Allowed Domains page modifies the entries found in the zones.common file in NAC.

To provide appropriate IP resolution to isolated devices for completing actions such as updating AV/AS programs and SSL certificate authentication, this list should be updated as necessary.  Refer to the FortiNAC Cookbook recipe Domains to Add to FortiNAC Allowed Domains List for an updated list of these domains. 

Solution
To add domains to the Allowed Domains page:
1. Log into the Network Sentry Administrative UI.
2. Navigate to System > Settings > Allowed Domains.
3. Click Add to add a domain.
5. Click Save Settings to save any edits.
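
To confirm the behavior described above once the list is saved, a check like the following can be run from a host placed in an isolation VLAN. It is an added example, not Fortinet code; the isolation interface IP, the domain names, and all function names are constructed placeholders.

```python
import socket

def resolve_a(name):
    """Return the IPv4 addresses the host's configured DNS server gives for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def classify(answers, isolation_ip):
    """Label one DNS answer set as seen from a host in an isolation VLAN."""
    if not answers:
        return "no-answer"
    if answers == {isolation_ip}:
        return "captured"    # NAC answered with its isolation interface IP
    if isolation_ip in answers:
        return "mixed"
    return "forwarded"       # request was passed on for real resolution

def audit(isolation_ip, expect_allowed, expect_captured, resolver=resolve_a):
    """Compare observed resolution with what the Allowed Domains list should produce.

    Returns (domain, observed, expected) for every mismatch.
    """
    mismatches = []
    for expected, names in (("forwarded", expect_allowed),
                            ("captured", expect_captured)):
        for name in names:
            observed = classify(resolver(name), isolation_ip)
            if observed != expected:
                mismatches.append((name, observed, expected))
    return mismatches

# Constructed sample data: documentation addresses and example domains only.
ISOLATION_IP = "192.0.2.10"
SAMPLE_ANSWERS = {
    "updates.av-vendor.example": {"203.0.113.5"},  # listed, forwarded
    "ocsp.ca.example": {"192.0.2.10"},             # needed but missing from list
    "unlisted.example": {"192.0.2.10"},            # not listed, captured
    "leak.example": {"198.51.100.7"},              # not listed, yet forwarded
}

def sample_resolver(name):
    return SAMPLE_ANSWERS.get(name, set())

if __name__ == "__main__":
    for row in audit(ISOLATION_IP, ["updates.av-vendor.example", "ocsp.ca.example"],
                     ["unlisted.example", "leak.example"], resolver=sample_resolver):
        print("%s: observed %s, expected %s" % row)
```

On a real isolated host, call audit() without the resolver argument so the names are resolved through the DNS server the host was assigned.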



Related Articles

Technical Tip: Troubleshooting domain resolution in the captive portal

Technical Note: Captive Portal page secured with SSL certificate not building or slow to build
