Fortinet black logo

Administration Guide

Connectivity configuration

Copy Link
Copy Doc ID 825689eb-200d-11e9-b6f6-f8bc1258b856:493756
Download PDF

Connectivity configuration

To access the Admin user interface that is available through a web browser, the appliances use the "nac" alias to identify which IP Address/hostname will be allowed in the URL.

In High Availability configurations entries for the "nac" alias are entered automatically in the /etc/hosts file for your FortiNAC Server appliances. Each of the appliances in the High Availability configuration must be resolvable in the DNS or you must enter them in the hosts file of your administration PC. Make sure the entries contain the IP address, the fully qualified domain name (FQDN), and the short name.

Example:

192.168.10.1 ApplianceName.Subdomain ApplianceName

Consider the following:
  • If the appliance is a FortiNAC Control Manager there should be no nac alias entry in the /etc/hosts file. Use either the shared or individual IP address to access this server.
  • If the High Availability appliances are being managed by the FortiNAC Control Manager, verify that none of the appliances have an entry for nac alias in the /etc/hosts file. Using nac alias in this configuration would stop the FortiNAC Control Manager from accessing the appliances it manages. To access the managed appliances use either the direct or shared IP address.
  • If the High Availability appliances are not being managed by the FortiNAC Control Manager use these guidelines:
    • If the appliance is a FortiNAC Server, verify that the nac alias is mapped nac alias to the shared IP address. Use the shared IP address (or shared host name) in the URL.
    • If the appliance is the FortiNAC Control Server or FortiNAC Control Manager, verify that the nac alias has been removed from the /etc/hosts file and use the shared or the individual IP addresses (or host names) in the URL.
Note

The 'nac' alias must not be included in DNS. For example, do not use an alias like "nac.abc.def.com" anywhere in DNS.

Connectivity configuration

To access the Admin user interface that is available through a web browser, the appliances use the "nac" alias to identify which IP Address/hostname will be allowed in the URL.

In High Availability configurations entries for the "nac" alias are entered automatically in the /etc/hosts file for your FortiNAC Server appliances. Each of the appliances in the High Availability configuration must be resolvable in the DNS or you must enter them in the hosts file of your administration PC. Make sure the entries contain the IP address, the fully qualified domain name (FQDN), and the short name.

Example:

192.168.10.1 ApplianceName.Subdomain ApplianceName

Consider the following:
  • If the appliance is a FortiNAC Control Manager there should be no nac alias entry in the /etc/hosts file. Use either the shared or individual IP address to access this server.
  • If the High Availability appliances are being managed by the FortiNAC Control Manager, verify that none of the appliances have an entry for nac alias in the /etc/hosts file. Using nac alias in this configuration would stop the FortiNAC Control Manager from accessing the appliances it manages. To access the managed appliances use either the direct or shared IP address.
  • If the High Availability appliances are not being managed by the FortiNAC Control Manager use these guidelines:
    • If the appliance is a FortiNAC Server, verify that the nac alias is mapped nac alias to the shared IP address. Use the shared IP address (or shared host name) in the URL.
    • If the appliance is the FortiNAC Control Server or FortiNAC Control Manager, verify that the nac alias has been removed from the /etc/hosts file and use the shared or the individual IP addresses (or host names) in the URL.
Note

The 'nac' alias must not be included in DNS. For example, do not use an alias like "nac.abc.def.com" anywhere in DNS.