Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiNAC Deployment Guide

    Home FortiNAC-F 7.2.0 FortiNAC Deployment Guide
    7.2.0
    7.6.0
    7.2.0

    Overview

    Overview

    The information contained in this document provides the steps necessary for deploying a new FortiNAC appliance in a network. It applies to the products listed in the chart below.

    For a general overview of FortiNAC and its functionality, refer to the Concept Guide.

    Product

    Description

    Name: FortiNAC-Manager-eXtended-VM

    SKU: FNC-MX-VM

    FortiNAC Manager next-gen Virtual Server

    Name: FortiNAC-Control-and-Application-eXtended-VM

    SKU: FNC-CAX-VM

    FortiNAC Control and Application next-gen Virtual Server

    This guide references other documents located in the Fortinet Document Library as necessary for more detailed information or instruction.

    Important: Steps are cumulative and should be executed in the specified order.

    Deployment Procedure Overview

    1. Appliance Installation - Build virtual appliances.

    2. SSL Certificates - Generate and install SSL certificates on all appliances.

    3. High Availability - Optional. Configure FortiNAC appliances to operate in Active/Passive mode.

    4. FortiNAC Manager - Optional. Configure FortiNAC Manager to manage multiple appliances at various sites.

    5. Software Upgrade - Upgrade appliance(s) to the latest FortiNAC software version.

    6. System Settings - Configure system level settings in the Administration UI.

    7. Network Visibility - Configure FortiNAC to communicate with the wired infrastructure devices in order to gather basic information about connecting endpoints.

    8. Endpoint Visibility - Establish trust with connecting endpoints.

    9. Endpoint Compliance - Ensure that connecting computers comply with endpoint posture assessment requirements.

    10. Control - Configure FortiNAC to automatically provision the appropriate network access to connecting endpoints.

    Terminology

    Term

    Definition

    FortiNAC Management Interface

    Configured on the port1 interface of the appliance.

    Functions:

    • Access to the Administration UI (interface where FortiNAC components and configurations are viewed/modified)

    • Network infrastructure communication for network visibility and control

    • SNMP trap receiver

    • DHCP traffic receiver from production network for fingerprinting

    • FortiCloud communication (software updates/License entitlements/IoT data collection)

    • Server communication (environments using High Availability and/or FortiNAC Manager)

    • Fortinet Dissolvable and Persistent Agent communication for production network

    “Isolation” VLAN

    Used for network segmentation of unknown and untrusted endpoints. Provides limited network access

    Available "isolation" VLANs include:

    • Isolation

    • Registration

    • Remediation

    • Dead End

    • Virtual Private Network (VPN)

    • Authentication

    • Access Point Management

    FortiNAC Service Network Interface

    Configured on the port2 interface of the appliance. Serves DHCP, DNS and the Captive Portal to the “isolation” VLANs

    FortiNAC Service Network VLAN

    VLAN where the FortiNAC Service Network Interface resides in L3 Network Configurations. For more information, see Determine FortiNAC Service Configuration (Network Type) in the Appendix

    Requirements

    The Requirements Task List in the Appendix outline the requirements that must be in place in order for that specific step to be completed. The length of time it takes to complete deployment is dependent upon each customer, their requirements and time constraints. Customers can complete all requirements prior to deployment, or during the deployment as time permits for those requirements not needed until later steps.

    Previous
    Next

    Overview

    Overview

    The information contained in this document provides the steps necessary for deploying a new FortiNAC appliance in a network. It applies to the products listed in the chart below.

    For a general overview of FortiNAC and its functionality, refer to the Concept Guide.

    Product

    Description

    Name: FortiNAC-Manager-eXtended-VM

    SKU: FNC-MX-VM

    FortiNAC Manager next-gen Virtual Server

    Name: FortiNAC-Control-and-Application-eXtended-VM

    SKU: FNC-CAX-VM

    FortiNAC Control and Application next-gen Virtual Server

    This guide references other documents located in the Fortinet Document Library as necessary for more detailed information or instruction.

    Important: Steps are cumulative and should be executed in the specified order.

    Deployment Procedure Overview

    1. Appliance Installation - Build virtual appliances.

    2. SSL Certificates - Generate and install SSL certificates on all appliances.

    3. High Availability - Optional. Configure FortiNAC appliances to operate in Active/Passive mode.

    4. FortiNAC Manager - Optional. Configure FortiNAC Manager to manage multiple appliances at various sites.

    5. Software Upgrade - Upgrade appliance(s) to the latest FortiNAC software version.

    6. System Settings - Configure system level settings in the Administration UI.

    7. Network Visibility - Configure FortiNAC to communicate with the wired infrastructure devices in order to gather basic information about connecting endpoints.

    8. Endpoint Visibility - Establish trust with connecting endpoints.

    9. Endpoint Compliance - Ensure that connecting computers comply with endpoint posture assessment requirements.

    10. Control - Configure FortiNAC to automatically provision the appropriate network access to connecting endpoints.

    Terminology

    Term

    Definition

    FortiNAC Management Interface

    Configured on the port1 interface of the appliance.

    Functions:

    • Access to the Administration UI (interface where FortiNAC components and configurations are viewed/modified)

    • Network infrastructure communication for network visibility and control

    • SNMP trap receiver

    • DHCP traffic receiver from production network for fingerprinting

    • FortiCloud communication (software updates/License entitlements/IoT data collection)

    • Server communication (environments using High Availability and/or FortiNAC Manager)

    • Fortinet Dissolvable and Persistent Agent communication for production network

    “Isolation” VLAN

    Used for network segmentation of unknown and untrusted endpoints. Provides limited network access

    Available "isolation" VLANs include:

    • Isolation

    • Registration

    • Remediation

    • Dead End

    • Virtual Private Network (VPN)

    • Authentication

    • Access Point Management

    FortiNAC Service Network Interface

    Configured on the port2 interface of the appliance. Serves DHCP, DNS and the Captive Portal to the “isolation” VLANs

    FortiNAC Service Network VLAN

    VLAN where the FortiNAC Service Network Interface resides in L3 Network Configurations. For more information, see Determine FortiNAC Service Configuration (Network Type) in the Appendix

    Requirements

    The Requirements Task List in the Appendix outline the requirements that must be in place in order for that specific step to be completed. The length of time it takes to complete deployment is dependent upon each customer, their requirements and time constraints. Customers can complete all requirements prior to deployment, or during the deployment as time permits for those requirements not needed until later steps.

    Previous
    Next