The license key installed on your FortiNAC appliance controls both the feature set that is enabled and the number of hosts, users and devices that can be managed by FortiNAC.
All licenses include High Availability and requires the purchase of additional hardware or VM's
Base— Provides network discovery, host profiling and classification
Plus— Base features plus host registration, scanning and access control
Concurrent Licenses—These licenses are based on the total number of concurrent connections to your network that are managed by FortiNAC.There may be parts of your network that are not managed by FortiNAC.
Consumes a license
- Online hosts in the Host view (including registered hosts and IP Phones)
- Online, non-infrastructure devices in Topology View (servers, printers, IP Phones)
Doesn't consume a license
- Switches, routers, wireless controllers and wireless access points in Topology View
This count includes hosts, servers or devices that are online on your network at any given time. When a host, server or device disconnects from the network, the license is released and can be used for another connection. For example, you may have 1000 hosts in your database but if only 100 are connected, then only 100 licenses are used.
A registered host will use a license if the host is seen by FortiNAC to be online even if the host is not on an enforced port. When a registered host shows online, even if no one is logged on, a license is still used. When the licenses run out, no new devices can register and access the network.
ATR Licenses—These licenses are based on the total number of licenses configured for ATR that are currently in use by devices connected to your network.
A small buffer is included to give you time to purchase additional licenses. When this buffer is exceeded FortiNAC does the following:
- No new registrations are allowed.
- Attempts at new registrations are presented with the message Exceeded concurrent connection license limit.
- Rogues, at-risk, and disabled hosts continue to be placed in isolation as they normally would be.
- Existing registered hosts and devices continue to have network access.
- Network Access provisioning based on policy will not occur.