Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
ebujedo
Staff
Staff

Created on ‎03-07-2021 09:06 AM

Article Id 196032

Technical Tip: FortiNAC automated incident response does NOT change port status

Description
FortiNAC shows in the 'Security Alarms' that some action has been performed for example 'Disable port' or 'Disable Host' but nothing actually happens with the host or the switchport.

Related document.
https://docs.fortinet.com/document/fortinac/8.6.0/administration-guide/328047/automated-threat-respo...

External resource.
https://www.youtube.com/watch?v=S2C44BFVlAw

Solution
Make sure the unit where the host is connected is a member of 'Physical Address Filtering' group.
1) Go to 'Topology' view.
2) Select the unit where hosts are connected.
3) Select 'Group Membership'.
4) Make sure 'Physical Address Filtering' group is selected (see example):



Related Articles

Technical Note: Disabled wired hosts not isolated

Labels:
401
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.