The license key installed on your FortiNAC controls both the feature set that is enabled and the number of managed hosts, users and devices.
The following licenses are available:
- Base: Network discovery, host profiling, and classification.
- Plus: Host registration, scanning, and access control, along with all base features.
- Pro: ATR (Automated Threat Response), along with all plus and base features.
All licenses include high availability.
If you exceed your license count, a small time buffer is included to give you to purchase additional licenses. When this buffer is exceeded, FortiNAC does the following:
- No new registrations are allowed.
- Attempts at new registrations are presented with the message Exceeded concurrent connection license limit.
- Rogues, at-risk, and disabled hosts continue to be placed in isolation as they normally would be.
- Existing registered hosts and devices continue to have network access.
- Network Access provisioning based on policy will not occur
The count of concurrent licenses is based on the total number of concurrent connections to your network that are managed by FortiNAC.There may be parts of your network that are not managed by FortiNAC.
This count includes hosts, servers or devices that are online on your network at any given time. When a host, server or device disconnects from the network, the license is released and can be used for another connection. For example, you may have 1000 hosts in your database but if only 100 are connected, then only 100 licenses are used.
A registered host will use a license if the host is seen by FortiNAC to be online, even if the host is not on an enforced port. When a registered host shows online, even if no one is logged on, a license is still used. When the licenses run out, no new devices can register and access the network.
The following devices use a concurrent license when connected:
- Online hosts in the host view (including registered hosts and IP phones)
- Online, non-infrastructure devices in topology view (servers, printers, IP phones)
The following devices don't use a concurrent license when connected:
- Rogue devices
- Switches, routers, wireless controllers and wireless access points in topology view
These licenses are based on the total number of licenses configured for ATR that are currently in use by devices connected to your network.