Description
This article describes the behavior where a MAC address is not detected when a client connects over a managed VPN.
This can occur when Agent information is either not received or not processed.
Scope
FortiNAC versions 8.x and 9.x.
Solution
Step 1: Ensure the agent traffic is reaching the appliance.
Step 2: If the agent traffic is reaching the appliance, enable debug for Agent communication. In the appliance CLI, type:
nacdebug -name PersistentAgent true <----- If using Persistent Agent.
nacdebug -name AgentServer true <----- If using Dissolvable Agent.
tail -F /bsc/logs/output.nessus
Step 3: Have the client connect.
Step 4: Type Ctrl-C to stop tail.
Step 5: Disable debug:
nacdebug -name PersistentAgent false
nacdebug -name AgentServer false
Step 6: In the /bsc/logs/output.nessus output, look for ‘PAConnectionStatus’. There should be messages containing the MAC address of the remote user.
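
The Step 6 check can be scripted so that the MAC address is found whichever notation the log uses. The following is an added example, not Fortinet code: the function names are hypothetical, and the sample log lines are constructed placeholders whose layout is an assumption (only the ‘PAConnectionStatus’ keyword comes from this article).

```shell
#!/bin/sh
# Added example (not Fortinet code): Step 6 as a repeatable check on the
# debug output. Function names are hypothetical.

# mac_pattern MAC: print a regex matching MAC written with ":", "-", "." or no
# separators. Returns 1 unless MAC holds exactly 12 hex digits.
mac_pattern() {
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    case "$hex" in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || return 1
    printf '%s\n' "$hex" | sed -E \
        's/^(..)(..)(..)(..)(..)(..)$/\1[-:.]?\2[-:.]?\3[-:.]?\4[-:.]?\5[-:.]?\6/'
}

# pa_status_for_mac LOGFILE MAC: print PAConnectionStatus lines that mention
# MAC (case-insensitive). Exit status 1 means no such line, 2 a malformed MAC.
pa_status_for_mac() {
    pat=$(mac_pattern "$2") || { echo "invalid MAC: $2" >&2; return 2; }
    grep -F 'PAConnectionStatus' "$1" | grep -Ei "$pat"
}

# Constructed sample lines; the real output.nessus line layout may differ.
sample_log() {
    cat <<'EOF'
2024-01-01 10:00:00 PersistentAgent PAConnectionStatus mac=AA:BB:CC:DD:EE:01 connected
2024-01-01 10:00:02 PersistentAgent PAConnectionStatus mac=aabb.ccdd.ee02 connected
2024-01-01 10:00:05 AgentServer heartbeat mac=AA:BB:CC:DD:EE:03
EOF
}

# Demo on the constructed sample: the MAC is given with "-" but logged with ":".
tmp=$(mktemp) && sample_log > "$tmp"
pa_status_for_mac "$tmp" 'AA-BB-CC-DD-EE-01' ||
    echo "no PAConnectionStatus line for that MAC"
rm -f "$tmp"
```

On the appliance, the same function can be pointed at /bsc/logs/output.nessus with the remote user's MAC address; no matching line means the agent's connection status for that client was not logged during the capture.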