Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Fortinet Security Fabric/FSSO Integration

    Home FortiNAC-F 7.2.0 Fortinet Security Fabric/FSSO Integration
    7.2.0
    7.2.0

    Connection Process

    Connection Process

    Network Connect

    1. FortiNAC detects a device has connected

    2. The device is evaluated against the existing Network Access Policies in FortiNAC.

    3. SSO Logon message is sent to FortiGate containing the following information:

    • IP Address

    • User ID – (logged on user, owner, or MAC address if userID is unknown)

    • Group: Group name or Firewall Tag name (determined by the matching Network Access Policy)

    1. Based upon the received information, FortiGate applies the appropriate IPv4 Policy to the device.

    Change

    1. FortiNAC detects one of the following has changed:

    • Device status (e.g. Registered, Authenticated, Unauthenticated, At-Risk, Safe, - Disabled or Rogue)

    • Ownership (“Registered to”)

    • User logon or logoff

    • IP Address

      Note: FortiNAC performs L2 Polls regularly and makes corrections as required. This includes changing the network access if the applied Network Access Policy no longer matches.

    1. The device is re-evaluated against the existing Network Access Policies in FortiNAC.

    2. If the matching policy has changed, SSO message is sent to FortiGate containing the IP Address, User ID and updated Group

    3. Based upon the received information, FortiGate applies the appropriate IPv4 Policy to the device.

    Network Disconnect

    1. FortiNAC detects the device has disconnected

    2. SSO Logon message is sent to FortiGate containing the IP Address, User ID and Group

    3. FortiGate removes the group or firewall tag association and IPv4 Policy.

    Previous
    Next

    Connection Process

    Connection Process

    Network Connect

    1. FortiNAC detects a device has connected

    2. The device is evaluated against the existing Network Access Policies in FortiNAC.

    3. SSO Logon message is sent to FortiGate containing the following information:

    • IP Address

    • User ID – (logged on user, owner, or MAC address if userID is unknown)

    • Group: Group name or Firewall Tag name (determined by the matching Network Access Policy)

    1. Based upon the received information, FortiGate applies the appropriate IPv4 Policy to the device.

    Change

    1. FortiNAC detects one of the following has changed:

    • Device status (e.g. Registered, Authenticated, Unauthenticated, At-Risk, Safe, - Disabled or Rogue)

    • Ownership (“Registered to”)

    • User logon or logoff

    • IP Address

      Note: FortiNAC performs L2 Polls regularly and makes corrections as required. This includes changing the network access if the applied Network Access Policy no longer matches.

    1. The device is re-evaluated against the existing Network Access Policies in FortiNAC.

    2. If the matching policy has changed, SSO message is sent to FortiGate containing the IP Address, User ID and updated Group

    3. Based upon the received information, FortiGate applies the appropriate IPv4 Policy to the device.

    Network Disconnect

    1. FortiNAC detects the device has disconnected

    2. SSO Logon message is sent to FortiGate containing the IP Address, User ID and Group

    3. FortiGate removes the group or firewall tag association and IPv4 Policy.

    Previous
    Next