Fortinet FortiNac BFN320, Руководство по установке

Страница: 34 / 50

Field Definition
Gateway
This field is optional and does not need to be configured if the appliance and all of the
managed devices are on the same subnet.
If the appliance and any managed devices are on different subnets, enter the IP
address of the routing device. A gateway is the device that passes traffic from the local
subnet to devices on other subnets.
Routes are automatically created for each Isolation Subnet to the Isolation Gateway.
Routes traffic through eth1.
Isolation Scopes
Label
User specified name for the scope. Can be associated with a location, such as
Building-B, or a function within the organization, such as Accounting.
Note: When setting up Layer 3 Network Configurations in the Configuration
Wizard, labels of DHCP Scopes should not begin with any of these strings:
"REG_", "REM_", "AUTH_", "DE_", "ISOL_", "VPN_", or "HUB_". These
are reserved.
Gateway
Default gateway for the client lease pool you are adding. Do not use the default
gateway for eth1.
Mask
Subnet mask for the default gateway.
Domain
Identifies the domain for this range of IP addresses. To help identify the VLAN,
incorporate part of the name in the domain. For example, for the isolation VLAN use
megatech-iso.com or for the registration VLAN use megatech-reg.com.
Note: Note: If you use agents for OS X, iOS, and some Linux systems,
using a .local suffix in Domain fields may cause communications issues.
Example:
Incorrect dns suffix for reg: tech-reg.megatech.local
Correct dns suffix for reg: tech.megatech-reg.edu
Lease Pools
Starting and ending IP addresses that delineate the range of IP addresses available on
this route. You can use multiple ranges.
Lease Time
Lease Time in
seconds
Time in seconds that an IP address is available for use. When this time has elapsed
the user is served a new IP address. The recommended lease time for Isolation,
Registration, Remediation, Dead End, VPN and Authentication is 60 seconds.
Isolation IP Subnets
Subnets
IP Subnets are optional and used in situations like Client control via FlexCLI or roles
only Aruba/Xirrus integration.
List of IP Addresses and corresponding Subnet Masks indicating IP addresses for
which FortiNac will serve DNS. Should only be used for hosts that are being isolated by
FortiNac.
Can be any address on any subnet, as long as the same address is added to the filters
as an isolation address when configuring the device.
Layer 3 Network - Configure Route Scopes
31