FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
scitlak
Staff
Article Id 303583
Description This article describes configuring FortiNAC to leverage Computer Group membership to assign a role to a host with EAP-TLS computer-based authentication.
Scope FortiNAC-F v7.x.x, FortiNAC v9.x.x.
Solution
  1. Configure the LDAP identity to be 'dnsHostname'. 

  2. With this LDAP identity, FortiNAC compares the dnsHostname attribute against the Common Name of the EAP-TLS client certificate. If they do not match, FortiNAC cannot find the host in LDAP and therefore cannot retrieve the appropriate group membership.

  3. Create an AD Security Group and add the host as a group member. Then create a new Role and add the group to the role.


  4. After a successful EAP-TLS computer-based authentication, the host will have the appropriate host role.

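The lookup described in the steps above can be checked before rollout. The following Python script is an added example, not part of the original article and not Fortinet code: it models the match between the certificate Common Name and dnsHostname, then the group-to-role mapping. The sample subjects, LDAP records, the group name NAC-Corp-PCs, the role name Corp-Computer and the case-insensitive comparison are assumptions.

```python
import re

# Constructed sample data (not from the article): certificate subjects as
# RFC 4514 strings and the LDAP attributes of the matching computer objects.
CERT_SUBJECTS = [
    "CN=pc01.corp.example,OU=Workstations,DC=corp,DC=example",
    "CN=PC02.corp.example,OU=Workstations,DC=corp,DC=example",
    "CN=pc03,OU=Workstations,DC=corp,DC=example",  # short name, not the FQDN
]
LDAP_COMPUTERS = [
    {"dNSHostName": "pc01.corp.example",
     "memberOf": ["CN=NAC-Corp-PCs,OU=Groups,DC=corp,DC=example"]},
    {"dNSHostName": "pc02.corp.example", "memberOf": []},
    {"dNSHostName": "pc03.corp.example",
     "memberOf": ["CN=NAC-Corp-PCs,OU=Groups,DC=corp,DC=example"]},
]
ROLE_GROUPS = {"NAC-Corp-PCs": "Corp-Computer"}  # hypothetical group -> role


def rdn_value(dn, attr):
    """First value of `attr` in a DN; handles single-character escapes only."""
    for rdn in re.split(r"(?<!\\),", dn):        # split on unescaped commas
        for ava in re.split(r"(?<!\\)\+", rdn):  # multi-valued RDNs
            key, _, value = ava.strip().partition("=")
            if key.strip().upper() == attr.upper():
                return re.sub(r"\\(.)", r"\1", value.strip())
    return None


def audit(subjects, computers, role_groups):
    """Map each certificate CN to (status, role) under the modelled lookup."""
    by_host = {c["dNSHostName"].lower(): c for c in computers}
    result = {}
    for subject in subjects:
        cn = rdn_value(subject, "CN") or subject
        entry = by_host.get(cn.lower())  # assumed case-insensitive match
        if entry is None:
            result[cn] = ("no LDAP match", None)
            continue
        groups = [rdn_value(g, "CN") for g in entry["memberOf"]]
        role = next((role_groups[g] for g in groups if g in role_groups), None)
        result[cn] = ("matched" if role else "matched, no role group", role)
    return result


if __name__ == "__main__":
    for cn, (status, role) in audit(CERT_SUBJECTS, LDAP_COMPUTERS, ROLE_GROUPS).items():
        print(f"{cn:22} {status:24} {role}")
```

Hosts reported as "no LDAP match" are the case step 2 warns about: the certificate was issued with a Common Name that differs from the computer object's dnsHostname.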