FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff
Article Id 193546

Description

When an endpoint is connected over a managed VPN tunnel, the following notifications will appear regardless of ClientStateEnabled Persistent Agent setting... 

 

When end station first connects, access is restricted and the agent displays:
“Network restrictions have been applied for this device”

 

Once the appliance has evaluated the end station and moved the IP address to the unrestricted network object group, the agent displays:
“Network restrictions have been lifted for this device”

 

 
These agent notifications inform the remote user of their current access.  The notifications are enabled by default, however, it is possible to disable them if desired.
 
 
For further details on VPN integrations, refer to the following reference manuals in the Fortinet Document Library:
 


Scope
Version: 8.3 and above

Solution
Login to the CLI as root and configure attributes specific to the integrated VPN server's device model (Cisco ASA or FortiGate).   Contact Support for assistance.

Disable all agent notifications when connecting over VPN:
device –ip <VPN Server IP> –setAttr –name DisableClientTransitionMessages –value true

Re-enable all agent notifications:
device –ip <VPN Server IP> –setAttr –name DisableClientTransitionMessages –value false

Example:
device –ip 192.168.1.1 –setAttr –name DisableClientTransitionMessages –value true

 
 

“Network restrictions have been applied for this device” notification:
Disable
device –ip <VPN Server IP> –setAttr –name DisableRestrictMessageText –value true
 
Re-enable
device –ip <VPN Server IP> –setAttr –name DisableRestrictMessageText –value false
 
 
 
“Network restrictions have been lifted for this device” notification:
Disable

device –ip <VPN Server IP> –setAttr –name DisableClearMessageText –value true

Re-enable
device –ip <VPN Server IP> –setAttr –name DisableClearMessageText –value false
 
 





Contributors