Manage guests in a FortiNAC Control Manager environment

When using Guest Manager in an environment where two or more FortiNAC appliances are managed by a central FortiNAC Control Manager appliance, guest accounts are not centrally located. Guest accounts can be created on any FortiNAC appliance, but are not replicated to other FortiNAC appliances. When guests arrive, they may connect to the network in a location managed by an appliance other than the one where their accounts were created.

When a guest connects to the network and tries to register, the FortiNAC appliance to which the guest is connected checks its own database for the guest's account. If the guest account exists on that FortiNAC appliance, the guest can proceed with the registration process. If the guest account does not exist, the FortiNAC Control Manager checks the other FortiNAC appliances it manages until it finds the guest account. The FortiNAC Control Manager copies the guest account from the appliance on which it was created to the appliance where the guest is attempting to connect to the network. Then the guest can continue the registration process.

Since guest records are copied and are not centrally located, there are some limitations.

  • Guest accounts are only copied from one appliance to another as needed and are not synchronized at any time.
  • If a guest account is manually deleted on one FortiNAC appliance, it is not deleted from all appliances automatically.
  • Because the appliances are not kept in sync, guest reports on FortiNAC appliance A may not show the same information as guest reports on FortiNAC appliance B. The guest may have been created on appliance A, but registered and authenticated on appliance B. A report on appliance A will not reflect the changes made on appliance B.
  • Guest accounts cannot be limited to a particular appliance or set of appliances, which would subsequently limit access to a subset of the network.
  • There is no central location where all guest records can be viewed. A best practice would be to use the same FortiNAC appliance to create all guest accounts.
  • If the FortiNAC Control Manager is not running, guests will not be able to register on any appliance that does not already contain their guest accounts.
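
The lookup-and-copy behaviour above, and what it means for deleted accounts and Control Manager outages, can be modelled in a few lines. This is an added illustration in plain Python, not Fortinet code and not a FortiNAC API; the class, function and account names are hypothetical, and the sample accounts are constructed.

```python
# Model of the behaviour described on this page. No FortiNAC API is used;
# Appliance, ControlManager, register and stale_copies are hypothetical names.

class Appliance:
    def __init__(self, name):
        self.name = name
        self.guests = {}  # local guest database: username -> account record


class ControlManager:
    def __init__(self, appliances, running=True):
        self.appliances = appliances
        self.running = running

    def register(self, local, username):
        """Return True if the guest can proceed with registration on `local`."""
        if username in local.guests:      # the appliance checks its own database first
            return True
        if not self.running:              # no Control Manager, no cross-appliance lookup
            return False
        for other in self.appliances:     # check the other managed appliances
            if other is not local and username in other.guests:
                # One-time copy; nothing keeps the two records in sync afterwards.
                local.guests[username] = dict(other.guests[username])
                return True
        return False


def stale_copies(appliances, revoked):
    """Audit helper: (appliance, username) pairs where a revoked guest still exists."""
    return sorted((a.name, u) for a in appliances for u in a.guests if u in revoked)


def demo():
    a, b = Appliance("A"), Appliance("B")
    cm = ControlManager([a, b])
    a.guests["visitor1"] = {"sponsor": "frontdesk"}      # constructed sample account
    out = {"register_on_B": cm.register(b, "visitor1")}  # account copied from A to B
    del a.guests["visitor1"]                             # manual delete on A only
    out["still_valid_on_B"] = cm.register(b, "visitor1") # B's copy was not deleted
    out["stale"] = stale_copies([a, b], {"visitor1"})
    cm.running = False                                   # Control Manager outage
    a.guests["visitor2"] = {"sponsor": "frontdesk"}      # constructed sample account
    out["cm_down_other_appliance"] = cm.register(b, "visitor2")
    out["cm_down_creating_appliance"] = cm.register(a, "visitor2")
    return out


if __name__ == "__main__":
    print(demo())
```

When revoking a guest, the same check applies in practice: confirm the account is gone from every appliance, not only the one where it was created.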
