Question no: 9
Verified Answer: B
Explanation, with extract from the FortiNAC-F Administrator library and documentation for current versions (including F 7.2, 7.4, and 7.6):
In FortiNAC-F, the integration with FortiGate for Security Fabric and Single Sign-On (FSSO) allows the system to communicate the access level of an endpoint directly to the firewall using firewall tags. This eliminates the need for complex VLAN steering in some environments by allowing the FortiGate to apply policies based on these dynamic tags instead of just a physical or virtual network segment.
The actual assignment of the firewall tag value occurs within a Logical Network. In the FortiNAC-F architectural model, a Logical Network acts as a container for "Access Values". When an administrator configures a Logical Network (located under Network > Logical Networks), they define what that network represents, such as "Corporate Access" or "Contractor Limited". Within that definition, they assign the specific Firewall Tag that matches the tag created on the FortiGate. Once a user or host matches a Network Access Policy, FortiNAC-F identifies the associated Logical Network and pushes the defined tag to the FortiGate via the FSSO connector.
It is important to note that while Network Access Policies (and by extension Security Rules) are the logic engines that trigger the assignment, they do not hold the tag value itself. They simply point to a Logical Network, which serves as the central repository for that specific access configuration.
"To assign firewall tags, navigate to Network > Logical Networks. Select the desired logical network and click Edit. Under the Access Value section, select Firewall Tag as the type and enter the tag name exactly as it appears on the FortiGate. When a Network Access Policy matches a host, FortiNAC sends this tag to the FortiGate as an FSSO message." —FortiNAC-F Administration Guide: Logical Networks and Security Fabric Integration.