Persistent Agent on Linux
To take advantage of Agent Security, some settings must be configured on the host. Settings for Mac OS X hosts are configured in Preferences. At this time we do not have a recommendation for a tool to set preferences.
Security settings
The table below outlines settings that can be configured for Agent Security.
| Setting | Options |
|---|---|
| Allowed Ciphers and Authentication Schemes | Indicates the cipher and authentication schemes that can be used. |
| CA Trust Length/Depth | Indicates how deep a chain of certificates to allow between the server's certificate and the certificate's Certificate Authority (CA). |
| CA File path | The absolute path to a file containing root and intermediate CA certificates in PEM format. |
| Security | Indicates whether security is enabled or disabled. Note: This option is no longer available with agent 5.3 and greater. Security is always enabled. |
| Home Server | The fully qualified hostname of the default server with which the agent should communicate. If this server is not set, it is automatically discovered using Server Discovery. On upgrade, this is populated by the contents of ServerIP. |
| Allowed Servers | In large environments there may be more than one set of FortiNAC servers. If roaming between servers is limited, list the FQDNs of the FortiNAC Application Server or FortiNAC Servers with which the agent can communicate. |
| Restrict Roaming | If enabled, the agent communicates only with its Home Server and the servers listed under Allowed Servers. If disabled, the agent searches for additional servers when the home server is unavailable. |
| maxConnectInterval | The maximum number of seconds between attempts to connect to FortiNAC. Data Type: Integer. Default: 960 |
| Last Connected Server | The server that the agent last connected to and with which the agent always attempts to communicate first. Protocol configuration change requests are honored only when they are received from this server. If this server is not set, it is automatically discovered using Server Discovery. |
| Discover Servers, Priority, and Ports | Enable or disable the Agent Discovery features. Requires Persistent Agent 5.3.0 or newer. |
Configuration settings
The table below shows the modifications that need to be made to the host's Preferences. If you use a tool other than GPO, you must make sure to set the appropriate keys on each host.
| Value | Data |
|---|---|
| allowedServers | Comma-separated list of fully qualified hostnames with which the agent can communicate. If restrictRoaming is enabled, the agent is limited to this list. The home server does not need to be included in this list (for example, a.example.com, b.example.com, c.example.com). Data Type: String. Default: Empty |
| homeServer | The fully qualified hostname of the default server with which the agent should communicate. Data Type: String. Default: Empty |
| restrictRoaming | False: Do not restrict roaming; allow the agent to communicate with any server. True: Restrict roaming to the home server and the allowedServers list. Data Type: Boolean. Default: False |
| securityEnabled | False: Disable Agent Security. True: Enable Agent Security. Data Type: Boolean. Default: True. Agent 5.3 and greater: Security is always enabled. |
| ServerIP | The fully qualified hostname with which the agent should communicate. Data Type: String. Default: ns8200 |
| caFile | The absolute path to a file containing root and intermediate CA certificates in PEM format. Data Type: String. Default: /etc/ssl/certs/ca-bundle.crt (RPM) or /etc/ssl/certs/ca-certificates.crt (DEB) |
| ShowIcon | 0: Do not show the tray icon. 1: Show the tray icon. Default: Not Configured (tray icon displayed) |
| maxConnectInterval | The maximum number of seconds between attempts to connect to FortiNAC. Data Type: Integer. Default: 960 |
| macpollinterval | The maximum number of seconds between attempts to learn of new MAC addresses added to the host. This is intended to facilitate the quick discovery of VM guests that have been deployed for use with the VM-Detection feature. Data Type: Integer. Default: 5 |
| lastConnectedServer | The last server that the agent successfully connected to. This is automatically populated by the agent upon successful connection to a server discovered through SRV records, or from homeServer, or from the allowedServers list. This value remains unchanged until lastConnectedServer is unreachable by the agent and the agent has connected to another server. Data Type: String. Default: Empty |
| discoveryEnabled | Enable or disable Discovery via SRV. The agent searches for SRV records to prioritize servers and override default ports. If connections to servers are not limited, agents also connect to the discovered server names. 0: Disable Discovery. 1: Enable Discovery. Data Type: Integer. Default: 1 |