SD-WAN Architecture for Enterprise

7.0.0

Zero trust local access network

FortiSwitch makes it straightforward to implement access control that dynamically prevents unknown devices from gaining access to the network.

There are several features that can help achieve this goal:

  • FortiGate NAC: this built-in capability works alongside FortiSwitch and does not require any additional license. It maps devices into VLANs depending on the device type. Unrecognized devices can be assigned to a guest VLAN with limited access. It also allows ports to be configured dynamically based on matching criteria over different parameters (MAC address, OS, device type, user). Multiple policies can be applied to map different devices to their corresponding settings: LLDP profile, 802.1X, QoS, VLAN.
  • User authentication with 802.1X: implementing a user or MAC address bypass at the port or MAC level allows different devices to connect by authenticating them against a RADIUS server or FortiAuthenticator.
  • LLDP profiles: automatically configure devices detected by LLDP, assigning them to specific VLANs and QoS markings.
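
The policy matching described in the FortiGate NAC item can be modelled as below. This is an added example, not Fortinet code or FortiOS syntax: a simplified Python model in which ordered, first-match evaluation, the policy names, VLAN names, setting keys and sample devices are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Optional

GUEST_VLAN = "guest"  # assumed name of the limited-access VLAN
CRITERIA = {"mac", "os", "device_type", "user"}  # parameters named on the page

@dataclass(frozen=True)
class Device:
    mac: str
    os: Optional[str] = None           # None = attribute not yet identified
    device_type: Optional[str] = None
    user: Optional[str] = None

@dataclass(frozen=True)
class NacPolicy:
    name: str
    vlan: str
    match: dict                        # criterion -> glob pattern, ALL must match
    settings: dict = field(default_factory=dict)

    def __post_init__(self):
        # A policy with no criteria would admit every device: reject it.
        if not self.match or not set(self.match) <= CRITERIA:
            raise ValueError(f"{self.name}: invalid or empty match criteria")

    def matches(self, dev: Device) -> bool:
        for attr, pattern in self.match.items():
            value = getattr(dev, attr)
            # An unidentified attribute never satisfies a criterion (fail closed).
            if value is None or not fnmatchcase(value.lower(), pattern.lower()):
                return False
        return True

def assign(dev: Device, policies: list) -> dict:
    """Return the port settings of the first matching policy, else guest VLAN."""
    for policy in policies:
        if policy.matches(dev):
            return {"policy": policy.name, "vlan": policy.vlan, **policy.settings}
    return {"policy": None, "vlan": GUEST_VLAN}

# Constructed sample policies (hypothetical names and values).
POLICIES = [
    NacPolicy("ip-phones", "voice", {"device_type": "ip-phone"},
              {"lldp_profile": "voice-lldp", "qos": "voice-qos"}),
    NacPolicy("corp-laptops", "corp",
              {"os": "windows*", "user": "*@corp.example"}, {"dot1x": "required"}),
    NacPolicy("printers", "printers", {"mac": "00:11:22:*"}),
]

if __name__ == "__main__":
    print(assign(Device("de:ad:be:ef:00:01", os="Windows 11"), POLICIES))
```

A MAC address is supplied by the connecting device, so in this model a MAC-only criterion such as `printers` is weaker evidence than the criteria tied to 802.1X authentication.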
