This article describes the behavior where a MAC address is not detected when a client connects over a managed VPN. This can occur when agent information is either not received or not processed.
Scope
FortiNAC versions 8.x and 9.x.
Solution
- Ensure the agent traffic is reaching the appliance.
- If the agent traffic is reaching the appliance, enable debug for agent communication. In the appliance CLI, type:
    nacdebug -name PersistentAgent true    <----- If using Persistent Agent.
    nacdebug -name AgentServer true    <----- If using Dissolvable Agent.
    tail -F /bsc/logs/output.nessus
- Have the client connect.
- Type Ctrl-C to stop tail.
- Disable debug:
    nacdebug -name PersistentAgent false
    nacdebug -name AgentServer false
- In /bsc/logs/output.nessus output, look for ‘PAConnectionStatus’. There should be messages for the MAC address for the remote user.
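The final check can be scripted so that a captured log is searched for one client's MAC regardless of colon, hyphen or letter-case notation. This is an added example, not Fortinet code: only the `PAConnectionStatus` keyword and the log path come from this article, while the sample log lines, the function names and the script name `check_pa_status.sh` are constructed assumptions.

```shell
#!/bin/sh
# Added example, not Fortinet code. Only the keyword 'PAConnectionStatus' and
# the log path come from the article; the log line layout below is constructed.

# Constructed sample lines standing in for captured debug output.
sample_log() {
cat <<'EOF'
2024-01-01 10:00:01 PersistentAgent PAConnectionStatus mac=00:11:22:AA:BB:CC connected
2024-01-01 10:00:02 AgentServer heartbeat mac=00:11:22:AA:BB:DD
2024-01-01 10:00:03 PersistentAgent PAConnectionStatus mac=00-11-22-aa-bb-cc connected
EOF
}

# Print every MAC (colon or hyphen notation) found on PAConnectionStatus
# lines, normalized to 12 upper-case hex digits, one per line.
pa_macs_raw() {
    grep -F 'PAConnectionStatus' "$1" \
        | grep -Eio '([0-9a-f]{2}[:-]){5}[0-9a-f]{2}' \
        | tr -d ':-' | tr 'a-f' 'A-F'
}

# Unique MACs that produced PAConnectionStatus messages.
pa_status_macs() {
    pa_macs_raw "$1" | sort -u
}

# Count occurrences of one MAC on PAConnectionStatus lines.
# Returns 2 (and prints nothing on stdout) if the MAC is malformed.
pa_status_count() {
    want=$(printf '%s' "$2" | tr -d ':-' | tr 'a-f' 'A-F')
    case "$want" in
        *[!0-9A-F]*|'') echo "invalid MAC: $2" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 12 ] || { echo "invalid MAC: $2" >&2; return 2; }
    # grep -c exits 1 on a zero count; '|| true' keeps that from being an error.
    pa_macs_raw "$1" | grep -c -x -F "$want" || true
}

# Usage (hypothetical script name):
#   sh check_pa_status.sh /bsc/logs/output.nessus 00:11:22:AA:BB:CC
if [ "$#" -eq 2 ]; then
    pa_status_count "$1" "$2"
fi
```

A count of 0 for the remote user's MAC while other MACs appear in `pa_status_macs` output indicates that agent debug logging is working but no status message for that client was logged.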