Allowed domains
Use the Allowed Domains View to specify the domains and Production DNS Server that isolated hosts use to gain access to network locations. For example, if hosts are in isolation because they do not have the latest virus definitions for their virus software, they would need to be able to access the web site for their virus software to download virus definitions.
If you have used a valid SSL certificate to secure the portal, add the domain of the certificate authority to the Domains list, such as verisign.com. This allows the host's browser to validate the certificate. |
Field |
Definition |
---|---|
IP Address |
The IP Address(es) of the Production DNS Server(s). If the Prevent the DNS server from making iterative queries check box is enabled, FortiNAC would no longer perform iterative queries to external authoritative servers. If the DNS server does not find the domain, the DNS server will not continue to perform queries to authoritative name servers. The only DNS requests the FortiNAC server will make on behalf of endpoints are to the specified DNS forwarding IPs. |
Proxy Auto Config |
Optional. If you use a Proxy server, this populates the wpad.dat file with the information that allows a host to learn about the Proxy server. This also adds the Domains listed to allow hosts in Isolation to reach sites related to Anti-Virus or Operating System updates required. See Web proxy integration for additional information. |
Domains |
A list of authorized domains that an isolated host is permitted to access, such as microsoft.com. |
Revert To Defaults |
Reset the values to the factory settings. |
Configure a production DNS server
Enter the IP Address(es) of the Production DNS Server(s) for isolated hosts to have access to network Resources.
- Select System > Settings.
- Expand the Control folder and click Allowed Domains.
- Click in the IP Address field and enter the IP address of the production DNS server. Separate multiple IP Addresses with a semicolon (;).
- Click Save Settings to save all of your changes.
Add a domain
Wildcards such as * cannot be used when entering Domain names. You can enter a large domain that contains sub-domains. For example, if you enter Microsoft.com, users can access all domains for Microsoft. However, if you enter a sub-domain, such as downloads.microsoft.com, then users can only access that specific domain.
- Select System > Settings.
- Expand the Control folder and click Allowed Domains.
- In the Domains section of the window, click Add.
- Enter the domain name and click OK. Repeat to add additional domains.
- Click Save Settings.
Delete a domain
- Select System > Settings.
- Expand the Control folder and click Allowed Domains.
- In the Domains section of the window, click the domain name to select it.
- Click Delete.
- Click Save Settings.
Revert to the default domains list
To revert to the default list of domains and reset the Production DNS IP Address:
- Select System > Settings.
- Expand the Control folder and click Allowed Domains.
- Click the Revert to Defaults button at the bottom of the Domains section.
- Click Save Settings.