In FortiNAC-F, Port Groups are used to apply specific enforcement behaviors to switch ports. When a port is assigned to an enforcement group, such as Forced Registration or Forced Remediation, FortiNAC-F overrides normal policy logic to force all connected adapters into that specific state. The exhibit shows a port (IF#13) with "Multiple Hosts" connected, which is a common scenario in environments using unmanaged switches or hubs downstream from a managed switch port.
According to the FortiNAC-F Administrator Guide, a single port can be a member of multiple port groups. However, when those groups have conflicting enforcement actions—such as one group forcing a registration state and another forcing a remediation state—FortiNAC-F uses a ranking system to resolve the conflict. In the FortiNAC-F GUI under Network > Port Management > Port Groups, each group is assigned a rank. The system evaluates these ranks, and only the higher-ranked enforcement group is applied to the port. If a port is in both a Forced Registration group and a Forced Remediation group, the group with the higher rank (the lower numerical value) dictates the VLAN and access level assigned to all hosts on that port.
This mechanism ensures consistent behavior across the fabric. If the ranking determines that "Forced Registration" is the higher priority, then even a known host that is failing a compliance scan (which would normally trigger Remediation) is held in the Registration VLAN, because the port-level enforcement takes precedence based on its rank.
"A port can be a member of multiple groups. If more than one group has an enforcement assigned, the group with the highest rank (lowest numerical value) is used to determine the enforcement for the port. When a port is placed in a group with an enforcement, that enforcement is applied to all hosts connected to that port, regardless of the host's current state." — FortiNAC-F Administration Guide: Port Group Enforcement and Ranking.
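The resolution rule described above, modeled as an added example (this is not FortiNAC-F code; the group names, ranks, MAC addresses and host states are constructed to mirror the IF#13 scenario, and the per-host policy function is a deliberately simplified stand-in for FortiNAC-F's real policy logic):

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical model of FortiNAC-F port-group ranking; lower rank value = higher rank.
@dataclass(frozen=True)
class PortGroup:
    name: str
    rank: int
    enforcement: Optional[str]  # "Forced Registration", "Forced Remediation", or None

@dataclass(frozen=True)
class Host:
    mac: str
    registered: bool
    compliant: bool

# Simplified per-host policy used only when no port-level enforcement applies.
def host_policy_state(host: Host) -> str:
    if not host.registered:
        return "Registration"
    if not host.compliant:
        return "Remediation"
    return "Production"

def port_enforcement(groups: List[PortGroup]) -> Optional[str]:
    """Enforcement of the highest-ranked group that actually has one; None if no group enforces."""
    enforcing = [g for g in groups if g.enforcement is not None]
    if not enforcing:
        return None
    return min(enforcing, key=lambda g: g.rank).enforcement

FORCED_STATE = {"Forced Registration": "Registration", "Forced Remediation": "Remediation"}

def resolve_port(groups: List[PortGroup], hosts: List[Host]) -> Dict[str, str]:
    """State for every host on the port: a port enforcement overrides each host's own state."""
    forced = FORCED_STATE.get(port_enforcement(groups) or "")
    return {h.mac: forced if forced else host_policy_state(h) for h in hosts}

# Constructed IF#13 scenario: port in a Forced Registration group (rank 1), a Forced
# Remediation group (rank 2) and a plain group with no enforcement (rank 3).
IF13_GROUPS = [
    PortGroup("Lobby Registration", 1, "Forced Registration"),
    PortGroup("Quarantine Ports", 2, "Forced Remediation"),
    PortGroup("All Access Ports", 3, None),
]
IF13_HOSTS = [
    Host("00:11:22:33:44:01", registered=False, compliant=True),   # rogue host
    Host("00:11:22:33:44:02", registered=True, compliant=False),   # known host failing a scan
    Host("00:11:22:33:44:03", registered=True, compliant=True),    # healthy known host
]
```

Every host on IF#13 resolves to Registration, including the known non-compliant host that would land in Remediation if the port carried no enforcement.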