Administration Guide

Allowed domains

Use the Allowed Domains View to specify the domains and production DNS server that isolated hosts use to gain access to network locations. For example, if hosts are in isolation because they do not have the latest virus definitions for their virus software, they would need to be able to access the web site for their virus software to download virus definitions.

If you have used a valid SSL certificate to secure the portal, add the domain of the CA to the Domains list, such as verisign.com. This allows the host's browser to validate the certificate.

Note:

  • If multiple portals are configured, this list applies to all portals. There is not a separate list per portal.

  • Router/firewall policies are required in order to properly handle traffic for isolated hosts. The FortiNAC appliance does not act as a router.

| Field | Definition |
| --- | --- |
| IP address | The IP address(es) of the production DNS server(s). If the "Prevent the DNS server from making iterative queries" check box is enabled, FortiNAC no longer performs iterative queries to external authoritative servers: if the DNS server does not find the domain, it does not continue to query authoritative name servers. The only DNS requests the FortiNAC server makes on behalf of endpoints are to the specified DNS forwarding IPs. |
| Proxy Auto Config | Optional. If you use a proxy server, this populates the wpad.dat file with the information that allows a host to learn about the proxy server. It also adds the listed domains so that hosts in isolation can reach sites for required anti-virus or operating system updates. See Web proxy for additional information. |
| Domains | A list of authorized domains that an isolated host is permitted to access, such as microsoft.com. |
| Revert To Defaults | Reset the values to the factory settings. |

Configure a production DNS server

Enter the IP address(es) of the production DNS server(s) so that isolated hosts have access to network resources.

  1. Select System > Settings.
  2. Expand the Control folder and click Allowed Domains.
  3. Click in the IP address field and enter the IP address of the production DNS server. Separate multiple IP addresses with a semicolon (;).
  4. Click Save Settings to save all of your changes.

Add a domain

Wildcards such as * cannot be used when entering Domain names. You can enter a large domain that contains sub-domains. For example, if you enter Microsoft.com, users can access all domains for Microsoft. However, if you enter a sub-domain, such as downloads.microsoft.com, then users can only access that specific domain.

  1. Select System > Settings.
  2. Expand the Control folder and click Allowed Domains.
  3. In the Domains section of the window, click Add.
  4. Enter the domain name and click OK. Repeat to add additional domains.
  5. Click Save Settings.
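
A pre-check for the values entered in the two procedures above (the semicolon-separated IP address field and the Domains list), as an added example that is not Fortinet code. It models the parent-domain behavior described above as suffix matching on a label boundary, which is an assumption about how an entry is applied; the function names and sample values are constructed.

```python
import ipaddress

def parse_dns_ips(field):
    """Split the semicolon-separated IP address field; ValueError on a bad entry."""
    return [str(ipaddress.ip_address(p.strip())) for p in field.split(";") if p.strip()]

def normalize_domain(entry):
    """Lower-case one Domains entry. The page rules out wildcards; rejecting
    schemes, paths and spaces as well is an assumption of this example."""
    d = entry.strip().rstrip(".").lower()
    if not d or any(c in d for c in "*/: "):
        raise ValueError(f"not a plain domain name: {entry!r}")
    return d

def covered_by(host, allowed):
    """Return the entry that covers host (same name or a parent domain), else None."""
    h = host.rstrip(".").lower()
    for d in allowed:
        if h == d or h.endswith("." + d):  # match on a label boundary only
            return d
    return None

def audit(entries):
    """Return (clean, rejected, redundant) for a proposed Domains list."""
    clean, rejected = [], []
    for e in entries:
        try:
            d = normalize_domain(e)
        except ValueError:
            rejected.append(e)
            continue
        if d not in clean:
            clean.append(d)
    # An entry is redundant when another entry is its parent domain.
    redundant = [d for d in clean if covered_by(d, [o for o in clean if o != d])]
    return clean, rejected, redundant

if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    print(parse_dns_ips("192.0.2.53; 192.0.2.54"))
    print(audit(["Microsoft.com", "downloads.microsoft.com", "*.example.com", "verisign.com"]))
    print(covered_by("update.microsoft.com", ["downloads.microsoft.com"]))
```

A redundant entry is a sign that a parent domain on the list already opens the whole domain to isolated hosts, so the narrower entry is not limiting anything.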

Delete a domain

  1. Select System > Settings.
  2. Expand the Control folder and click Allowed Domains.
  3. In the Domains section of the window, click the domain name to select it.
  4. Click Delete.
  5. Click Save Settings.

Revert to the default domains list

To revert to the default list of domains and reset the Production DNS IP address:

  1. Select System > Settings.
  2. Expand the Control folder and click Allowed Domains.
  3. Click Revert to Defaults.
  4. Click Save Settings.
