Exam NSE5_FNC_AD_7.6 Topic 3 Question 25 Discussion
Actual exam question for Fortinet's NSE5_FNC_AD_7.6 exam
Question #: 25
Topic #: 3
Question #: 25
Topic #: 3
An administrator wants to control user access to corporate resources by integrating FortiNAC-F with FortiGate using firewall tags defined on FortiNAC-F.
Where would the administrator assign the firewall tag value that will be sent to FortiGate?
Where would the administrator assign the firewall tag value that will be sent to FortiGate?
Suggested Answer: B Vote an answer
Questio ns no: 9
Verified Answe r: B
Comprehensive and Detailed 250 to 300 words each Explanation with Exact Matched Extract from FortiNAC-F Administrator library and documentation for current versions (including F 7.2, 7.4, and 7.6) documents:
In FortiNAC-F, the integration with FortiGate for Security Fabric and Single Sign-On (FSSO) allows the system to communicate the access level of an endpoint directly to the firewall using firewall tags. This eliminates the need for complex VLAN steering in some environments by allowing the FortiGate to apply policies based on these dynamic tags instead of just a physical or virtual network segment.
The actual assignment of the firewall tag value occurs within a Logical Network. In the FortiNAC-F architectural model, a Logical Network acts as a container for "Access Values". When an administrator configures a Logical Network (located under Network > Logical Networks), they define what that network represents-such as "Corporate Access" or "Contractor Limited". Within that definition, they assign the specific Firewall Tag that matches the tag created on the FortiGate. Once a user or host matches a Network Access Policy, FortiNAC-F identifies the associated Logical Network and pushes the defined tag to the FortiGate via the FSSO connector.
It is important to note that while Network Access Policies (and by extension Security Rules) are the logic engines that trigger the assignment, they do not hold the tag value itself. They simply point to a Logical Network, which serves as the central repository for that specific access configuration.
"To assign firewall tags, navigate to Network > Logical Networks. Select the desired logical network and click Edit. Under the Access Value section, select Firewall Tag as the type and enter the tag name exactly as it appears on the FortiGate. When a Network Access Policy matches a host, FortiNAC sends this tag to the FortiGate as an FSSO message." - FortiNAC-F Administration Guide: Logical Networks and Security Fabric Integration.
Verified Answe r: B
Comprehensive and Detailed 250 to 300 words each Explanation with Exact Matched Extract from FortiNAC-F Administrator library and documentation for current versions (including F 7.2, 7.4, and 7.6) documents:
In FortiNAC-F, the integration with FortiGate for Security Fabric and Single Sign-On (FSSO) allows the system to communicate the access level of an endpoint directly to the firewall using firewall tags. This eliminates the need for complex VLAN steering in some environments by allowing the FortiGate to apply policies based on these dynamic tags instead of just a physical or virtual network segment.
The actual assignment of the firewall tag value occurs within a Logical Network. In the FortiNAC-F architectural model, a Logical Network acts as a container for "Access Values". When an administrator configures a Logical Network (located under Network > Logical Networks), they define what that network represents-such as "Corporate Access" or "Contractor Limited". Within that definition, they assign the specific Firewall Tag that matches the tag created on the FortiGate. Once a user or host matches a Network Access Policy, FortiNAC-F identifies the associated Logical Network and pushes the defined tag to the FortiGate via the FSSO connector.
It is important to note that while Network Access Policies (and by extension Security Rules) are the logic engines that trigger the assignment, they do not hold the tag value itself. They simply point to a Logical Network, which serves as the central repository for that specific access configuration.
"To assign firewall tags, navigate to Network > Logical Networks. Select the desired logical network and click Edit. Under the Access Value section, select Firewall Tag as the type and enter the tag name exactly as it appears on the FortiGate. When a Network Access Policy matches a host, FortiNAC sends this tag to the FortiGate as an FSSO message." - FortiNAC-F Administration Guide: Logical Networks and Security Fabric Integration.
by Valentina at Mar 04, 2026, 10:40 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).