Administration Guide

DNS configuration

The FortiNAC Server and FortiNAC Control Server appliances use Common Object Request Broker Architecture (CORBA) to communicate between the web server and the browser. Within the FortiNAC Server and FortiNAC Control Server appliances, CORBA uses the sub-domain or hostnames (short names), not IP addresses, to communicate between the browser and server. The administrator's host and the FortiNAC Server and FortiNAC Control Server appliance hostname must be in DNS.

If DNS is not available, then each administrator's host must have a host entry for the FortiNAC Server and FortiNAC Control Server appliances.

If you have security enabled, you cannot use the fully qualified domain name (FQDN) of the FortiNAC Server or FortiNAC Application Server. You must use the short name instead. If the FQDN is used and the administrator's host is using the Persistent Agent, the agent cannot communicate with the FortiNAC appliances. This could prevent the Administrator from registering the host.

The 'nac' alias must not be included in DNS. For example, do not use an alias like "nac.abc.def.com" anywhere in DNS.

Windows

  1. Edit the hosts file on the system. The hosts file is usually located at C:\windows\system32\drivers\etc\hosts.
  2. Add this entry to the hosts file:

    XXX.XXX.XXX.XXX Short_Name

    or

    XXX.XXX.XXX.XXX host_name

    Example:

    192.168.10.1 qa233

  3. Reboot the computer after you change the hosts file.

    Having multiple interfaces on the Administrator workstation can sometimes cause DNS problems, depending on the interface configuration settings.

Sample Windows hosts file

    # Copyright (c) 1993-1999 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to hostnames. Each entry
    # should be kept on an individual line. The IP address should be placed in the first
    # column followed by the corresponding hostname followed by the short name.
    # The IP address, the hostname, and the short name should be separated by
    # at least one space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the hostname denoted by a '#' symbol.
    #
    # For example:
    #
    # XXX.XXX.XXX.XXX host.domain.com # source server
    # XXX.XXX.XXX.XXX host_name # x client host

    127.0.0.1 localhost

Linux

  1. Edit the hosts file on the system. The hosts file is usually located at /etc/hosts.
  2. Add this entry to the hosts file:

    XXX.XXX.XXX.XXX Short_Name

    Example:

    192.168.10.10 qa233

There is no need to reboot the system.

macOS

  1. Locate the file named hosts in the /etc folder.

    If the file does not exist, create one with a text editor. The hosts file contains information regarding the known hosts on the network.

    Separate the entries on each line with tabs. Do not use spaces. A # indicates the beginning of a comment; characters up to the end of the line are not interpreted by routines which search the file.

    Use a single line for each host. Make sure each host line contains the Internet address of the host, the fully qualified hostname, and the alias.

    Example:

    xxx.xxx.xxx.xxx Qualified_Host_Name Alias

  2. Reboot the computer after you have edited and saved the hosts file.
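
A hosts entry takes the place of DNS for that name, so a stale or altered line sends the administrator's browser and the Persistent Agent to a different address. The following added example (not part of the Fortinet guide) audits a hosts file after the edits above: it confirms the appliance short name maps to the expected address and flags lines that map it elsewhere, malformed addresses, and any 'nac' alias. The sample file is constructed from the page's example values, and applying the page's DNS rule about the 'nac' alias to hosts entries is an assumption.

```python
import ipaddress

# Constructed sample input; the name and addresses reuse the page's example values.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1\tlocalhost\n"
    "192.168.10.1\tqa233\t# appliance short name\n"
    "192.168.10.99 QA233\n"
    "192.168.10.1\tnac.abc.def.com\tnac\n"
    "192.168.10.300\tqa233\n"
)

def parse_hosts(text):
    """Yield (line_no, address_or_None, names) for every non-comment entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # '#' starts a comment
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no name
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None  # first column is not a valid IP address
        yield line_no, address, [name.lower() for name in fields[1:]]

def audit_hosts(text, short_name, expected_ip):
    """Return sorted (line_no, finding) pairs; line_no 0 is a file-level finding."""
    want, expected = short_name.lower(), ipaddress.ip_address(expected_ip)
    findings, matched = [], False
    for line_no, address, names in parse_hosts(text):
        if address is None:
            findings.append((line_no, "invalid-address"))
            continue
        # Assumption: a 'nac' alias is as unwanted in the hosts file as in DNS.
        if any(name.split(".")[0] == "nac" for name in names):
            findings.append((line_no, "nac-alias"))
        if want in names:
            if address == expected:
                matched = True
            else:
                findings.append((line_no, "unexpected-address"))
    if not matched:
        findings.append((0, "short-name-missing"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, finding in audit_hosts(SAMPLE_HOSTS, "qa233", "192.168.10.1"):
        print(f"line {line_no}: {finding}")
```

To audit a real workstation, pass the contents of its hosts file in place of SAMPLE_HOSTS.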
