Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiGate Endpoint Management Integration

    Home FortiNAC-F 7.2.0 FortiGate Endpoint Management Integration
    7.2.0
    7.6.0
    7.4.0
    7.2.0

    How it Works

    How it Works

    Visibility

    FortiNAC learns where endpoints are connected on the network using the following methods:

    • RADIUS communication

    • Device Detection SNMP traps

    • L2 Polling (MAC address table read)

    • L3 Polling (ARP cache read)

    Control FortiWiFi Connections: FortiNAC provisions a wireless device’s network access by assigning VLANs during RADIUS authentication. In addition, firewall policies can be applied to the connected device’s session.

    Control Wired Interfaces: FortiNAC provisions a wired device’s network access by applying a firewall policy to the connected device’s session. VLANs are not assigned.

    FortiGates/FortiSwitches managed by FortiManager: When FortiNAC makes any changes to the FortiGate or FortiSwitch, the Fortigate/FortiSwitch updates FortiManager. This keeps FortiManager in sync.

    Device Support Methods - FortiWiFi

    Device Support Method

    Protocol

    Network Device Management/Device Discovery

    SNMP (UDP 161)

    SSH (TCP 22)

    Dynamic Connection Status

    RADIUS 802.1x or MAC-auth (UDP 1812)

    RADIUS Accounting (UDP 1813)

    L2 Poll (Collect MAC Address information)

    SSH (TCP 22)

    REST API (TCP 443 or as defined on FortiGate)

    L3 Poll (Collect IP to MAC address information)

    SNMP (UDP 161)

    SSH (TCP 22)

    REST API (TCP 443 or as defined on FortiGate)

    Provision Network Access/VLAN Assignment

    VLANs: RADIUS 802.1x or MAC-auth (UDP 1812)

    Firewall policies:

    • Fortinet Security Fabric (FSSO) (TCP 8000 (Private Protocol))

    • CLI (SSH TCP 22)

    De-auth

    RADIUS Disconnect (UDP 3799)

    RADIUS Change of Authentication (CoA) (UDP 3799)

    Device Support Methods – Wired Interfaces

    Device Support Method

    Protocol

    Network Device Management/Device Discovery

    SNMP (UDP 161)

    SSH (TCP 22)

    Dynamic Connection Status

    RADIUS 802.1x or MAC-auth (UDP 1812)

    RADIUS Accounting (UDP 1813)

    Device Detection SNMP Trap

    L2 Poll (Collect MAC Address information)

    SSH (TCP 22)

    REST API (TCP 443 default)

    L3 Poll (Collect IP to MAC address information)

    SNMP (UDP 161)

    SSH (TCP 22)

    REST API (TCP 443 default)

    Provision Network Access/VLAN Assignment

    Firewall policies:

    • Fortinet Security Fabric (FSSO) (TCP 8000 (Private Protocol))

    • CLI (SSH TCP 22)
    Previous
    Next

    How it Works

    How it Works

    Visibility

    FortiNAC learns where endpoints are connected on the network using the following methods:

    • RADIUS communication

    • Device Detection SNMP traps

    • L2 Polling (MAC address table read)

    • L3 Polling (ARP cache read)

    Control FortiWiFi Connections: FortiNAC provisions a wireless device’s network access by assigning VLANs during RADIUS authentication. In addition, firewall policies can be applied to the connected device’s session.

    Control Wired Interfaces: FortiNAC provisions a wired device’s network access by applying a firewall policy to the connected device’s session. VLANs are not assigned.

    FortiGates/FortiSwitches managed by FortiManager: When FortiNAC makes any changes to the FortiGate or FortiSwitch, the Fortigate/FortiSwitch updates FortiManager. This keeps FortiManager in sync.

    Device Support Methods - FortiWiFi

    Device Support Method

    Protocol

    Network Device Management/Device Discovery

    SNMP (UDP 161)

    SSH (TCP 22)

    Dynamic Connection Status

    RADIUS 802.1x or MAC-auth (UDP 1812)

    RADIUS Accounting (UDP 1813)

    L2 Poll (Collect MAC Address information)

    SSH (TCP 22)

    REST API (TCP 443 or as defined on FortiGate)

    L3 Poll (Collect IP to MAC address information)

    SNMP (UDP 161)

    SSH (TCP 22)

    REST API (TCP 443 or as defined on FortiGate)

    Provision Network Access/VLAN Assignment

    VLANs: RADIUS 802.1x or MAC-auth (UDP 1812)

    Firewall policies:

    • Fortinet Security Fabric (FSSO) (TCP 8000 (Private Protocol))

    • CLI (SSH TCP 22)

    De-auth

    RADIUS Disconnect (UDP 3799)

    RADIUS Change of Authentication (CoA) (UDP 3799)

    Device Support Methods – Wired Interfaces

    Device Support Method

    Protocol

    Network Device Management/Device Discovery

    SNMP (UDP 161)

    SSH (TCP 22)

    Dynamic Connection Status

    RADIUS 802.1x or MAC-auth (UDP 1812)

    RADIUS Accounting (UDP 1813)

    Device Detection SNMP Trap

    L2 Poll (Collect MAC Address information)

    SSH (TCP 22)

    REST API (TCP 443 default)

    L3 Poll (Collect IP to MAC address information)

    SNMP (UDP 161)

    SSH (TCP 22)

    REST API (TCP 443 default)

    Provision Network Access/VLAN Assignment

    Firewall policies:

    • Fortinet Security Fabric (FSSO) (TCP 8000 (Private Protocol))

    • CLI (SSH TCP 22)
    Previous
    Next