Created on 10-01-2018 12:16 AM Edited on 09-25-2023 03:36 AM By Stephen_G
Description
Solution
To check which policy a host matches without waiting for an end user to raise an issue, or to test after each change made to the FortiNAC configuration, use the test tool that can be accessed in Hosts. Right-click the desired host and select 'Policy Details'. Below is an example of a host not matching any user/host profile:
Check every tab and confirm that the configurations are correct.
There are also other matching criteria that can be configured directly in the profile, such as location, user/host group, time, or information extracted from RADIUS attributes.
After making the correct changes, the result should include a Logical network, and the desired VLAN ID or name will be shown:
If the correct policy is used but no VLAN is shown (VLAN name or VLAN ID), make sure that the VLAN is tied to the logical network that is used in the Network access policy.
To debug from the CLI, run the following:
nacdebug -name PolicyHelper true
Example output:
yams.PolicyHelper FINER :: 2023-09-25 11:59:21:767 :: #955 :: HostRecord.getEPCPolicy() HostRecord DBID: 132 calling HostRecord.getAbstractPolicy()
HostRecord.getAbstractPolicy() HostRecord DBID: 132 Using User:
UserRecord:
Landscape = 91754594318 00:15:5D:00:00:0E
ID = 10
Role = AD-NetworkUserRole
Type = Administrative
Admin Profile DBID = 3
Directory Policy =
DN = CN=gimi,OU=Usr,DC=eb,DC=eu
Position = Shef IT
Email Address = gimi@eb.eu
First Name = gimi
...
Setting adapters from host record.
HostRecord.getAbstractPolicy() HostRecord DBID: 132 Using HostRecord
Host Record:
Landscape = 91754594318 00:15:5D:00:00:0E
ID = 132
hostName = WIN-10-USB
owner = beni
policy = null
os = Windows 10 Pro 6.3 21H2 10.0.19044.3086
hardwareType = VMware, Inc. VMware20,1 None
application = Anti-Virus :: Microsoft Windows Defender,Anti-Virus :: Microsoft Windows Defender Engine Updates,Anti-Virus :: Microsoft Windows Defender Signatures,Anti-Virus :: Windows Defender Real-time Protection Check,Operating-System :: ...
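The PolicyHelper output above is long, so when reviewing a capture offline it helps to pull the record blocks into structured fields. The following is an added example, not Fortinet code: parse_records, null_policy_hosts and SAMPLE are hypothetical names, the sample is constructed from the output shown above, and the parser assumes records always appear as a 'UserRecord:' or 'Host Record:' header followed by 'key = value' lines.

```python
import re

# Constructed sample, shortened from the example output above.
SAMPLE = """\
yams.PolicyHelper FINER :: 2023-09-25 11:59:21:767 :: #955 :: HostRecord.getEPCPolicy() HostRecord DBID: 132 calling HostRecord.getAbstractPolicy()
HostRecord.getAbstractPolicy() HostRecord DBID: 132 Using User:
UserRecord:
Landscape = 91754594318 00:15:5D:00:00:0E
ID = 10
Role = AD-NetworkUserRole
Directory Policy =
DN = CN=gimi,OU=Usr,DC=eb,DC=eu
...
Setting adapters from host record.
HostRecord.getAbstractPolicy() HostRecord DBID: 132 Using HostRecord
Host Record:
Landscape = 91754594318 00:15:5D:00:00:0E
ID = 132
hostName = WIN-10-USB
owner = beni
policy = null
"""

HEADER = re.compile(r"^(UserRecord|Host Record):$")
# Key is words and spaces only, so log lines with '.', ':' or '(' never match.
FIELD = re.compile(r"^([\w ]+?)\s*=\s?(.*)$")

def parse_records(text):
    """Return [(record_type, {field: value}), ...] for each record block."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {}
            records.append((header.group(1), current))
            continue
        field = FIELD.match(line) if current is not None else None
        if field:
            # Only the first '=' separates key and value, so DN keeps its own.
            current[field.group(1)] = field.group(2).strip()
        else:
            current = None  # '...', blank lines and log lines close the block
    return records

def null_policy_hosts(records):
    """Host names whose 'policy' field is printed as null, for follow-up."""
    return [f.get("hostName", "?") for t, f in records
            if t == "Host Record" and f.get("policy") == "null"]
```

The page does not state what 'policy = null' implies, so the helper only surfaces those hosts for a closer look in 'Policy Details'.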