7.2.0

Open Ports

For FortiNAC to function properly, it must be able to communicate. This requires specific configuration both on the network and within FortiNAC itself:

On the Network

The number of open (listening) TCP/UDP ports configured by default on the FortiNAC appliance is based on current best practices. These ports are kept to a minimum to provide maximum security by explicitly restricting unnecessary access from the outside. The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.

Related Documents

http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

FNC-CAX and FNC-MX Products

The FortiNAC software runs on top of the FortiNAC-OS operating system. For security purposes, FortiNAC-OS does not have any open (listening) TCP/UDP ports configured by default. Access must be configured using the "set allowaccess" command via the appliance CLI. The ports that must be enabled depend upon the features required.

Configuration instructions include adding the appropriate "allowaccess" option in the CLI. Alternatively, once the server has been built/installed, customers can configure all the "allowaccess" options required for the desired features at once.

For a complete listing of required open ports on the network and corresponding "allowaccess" options, see Open ports in the Administration Guide.
