Fortinet, Inc.
Logical network abstraction for network access control
Abstract:
Systems and methods for NAC access policy creation and reconfiguration of access points to enforce same are provided. According to one embodiment, access policies are decoupled from underlying implementation details of access points by: (i) maintaining by a NAC device an access point model that maps logical networks to corresponding enforcement action implementations for the access points; and (ii) representing the access policies in a form of a current state of a particular endpoint device and an enforcement action specified with reference to a logical network. An attribute of an endpoint is received by the NAC device based upon which a matching access policy is identified. The corresponding enforcement action implementation for the access point to which the endpoint is connected is retrieved based on the logical network specified in the matching access policy and is used to reconfigure the access point to perform the enforcement action.
Utility
16 Jun 2020
22 Dec 2020
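The decoupling described in the abstract, sketched as an added example (not code from the patent or from Fortinet). The device names, attribute keys, VLAN and role values, first-match ordering, and the fail-closed default are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Access point model (constructed sample): per access point, each logical
# network maps to that device's own enforcement action implementation.
AP_MODEL = {
    "switch-a": {"Production": {"vlan": 10}, "Quarantine": {"vlan": 666}},
    "wifi-b": {"Production": {"role": "corp"}, "Quarantine": {"role": "isolated"}},
}

@dataclass(frozen=True)
class Policy:
    match: dict            # endpoint state the policy applies to
    logical_network: str   # enforcement action, named without device details

# Policies never mention VLANs or roles, only logical networks.
POLICIES = [  # assumed: evaluated in order, first match wins
    Policy({"compliant": False}, "Quarantine"),
    Policy({"role": "employee", "compliant": True}, "Production"),
]
DEFAULT_NETWORK = "Quarantine"  # assumed: unmatched endpoints fail closed

def match_policy(attrs):
    """Return the first policy whose conditions all hold for the endpoint."""
    for policy in POLICIES:
        if all(attrs.get(k) == v for k, v in policy.match.items()):
            return policy
    return None

def resolve_enforcement(attrs, access_point):
    """Map endpoint attributes to the implementation for its access point."""
    policy = match_policy(attrs)
    network = policy.logical_network if policy else DEFAULT_NETWORK
    try:
        impl = AP_MODEL[access_point][network]
    except KeyError:
        # A logical network with no implementation on this device is a
        # modelling gap; surface it instead of silently granting access.
        raise LookupError(f"no implementation of {network!r} on {access_point!r}")
    return network, impl

if __name__ == "__main__":
    endpoint = {"role": "employee", "compliant": True}
    for ap in ("switch-a", "wifi-b"):
        print(ap, resolve_enforcement(endpoint, ap))
```

The same policy yields a VLAN assignment on one device and a role assignment on the other, so replacing an access point only requires updating its entry in the model, not the policies.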