Transport configurations
Packet Transport Configurations define the methods of communication available between FortiNAC and the Persistent Agent. Each Packet Transport Configuration is defined with a unique Name and a unique combination of Bind Address, Port, and Transport Type. If no Bind Address is specified, all addresses are bound for the supplied Port. The supplied port must be in the range of 1024 to 49151 and not already in use by another service within the operating system. If the Transport Type is TCP, a TLS Service Configuration must be defined to secure the communication. Changes made to Packet Transport Configurations do not take effect immediately. The enabled configurations will begin listening when the Persistent Agent services are reloaded or FortiNAC is restarted.
TLS Service Configurations define the certificate, TLS Protocols, and Ciphers used for secure communication. The certificate can be uploaded using the Certificate Management view. By checking "Automatically Update Ciphers and Protocols on Upgrade," the settings for both Ciphers and TLS Protocols will become managed by FortiNAC. Upon upgrade, the system will automatically configure the TLS Service Configuration to the latest recommended Ciphers and Protocols.
Packet transport settings
| Field | Definition |
|---|---|
| Enabled | If true, a listener will be created for this configuration on the next load of the Persistent Agent services. |
| Name | Unique name used to identify the configuration. |
| Bind Address | An optional IPv4 or IPv6 address to use when listening for packets. If no address is provided, all addresses are used. |
| Port | The port on which this configuration opens a socket. System and Dynamic ports may not be used. Valid values are in the range of 1024 to 49151. |
| TLS Configuration | The selected configuration for secure communication with the Persistent Agent. Only TCP transports use a TLS configuration. |
| Transport Type | The communication protocol, either TCP or UDP, to use when communicating with the Persistent Agent. |
| Maximum Incoming Packets to Queue | The maximum number of unprocessed packets from the Persistent Agent to retain. Any packets received while the queue is full will be discarded. |
| Read Idle Timeout | The maximum amount of time, in seconds, without receiving from the agent before closing the connection. |
| Write Idle Timeout | The maximum amount of time, in seconds, before the server will send a packet to the agent to ensure the connection is still open. |
| Use Native Transport (Experimental) | Use native libraries for Sockets and TLS when possible. Enable this experimental feature only if recommended. |
| Last Modified By | User name of the last user to modify the configuration. |
| Last Modified Date | Date and time of the last modification to this configuration. |
| Right click options | |
| Modify | Modify the selected Packet Transport Configuration. |
| Delete | Deletes the selected Packet Transport Configuration. |
| Reload Services | Closes any existing sockets in the Persistent Agent server and creates a new series of sockets using the enabled Packet Transport Configurations. All unprocessed packets in the existing queues are dropped, allowing the Persistent Agent server to resume communication from a clean state. |
| Show Audit Log | Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Admin auditing. |
TLS service settings
| Field | Definition |
|---|---|
| Automatically Update Ciphers and Protocols on Upgrade | If true, the settings for both Ciphers and TLS Protocols will become managed by FortiNAC. Upon upgrade, the system will automatically configure the TLS Service Configuration to the latest recommended Ciphers and Protocols. |
| Name | Unique name used to identify the configuration. |
| Ciphers | The Cipher Suite to use when encoding messages using TLS. At least one Cipher must be selected. Ciphers must be supported by both client and server, so disabling Ciphers may prevent some Persistent Agents from communicating. |
| TLS Protocol | The list of TLS Protocols allowed by the server. At least one TLS Protocol must be selected. TLS Protocols must be supported by both client and server, so disabling Protocols may prevent some Persistent Agents from communicating. |
| Certificate Alias | Select the certificate to use when securing communication. Certificates may be uploaded using the certificate management view. |
| Last Modified By | User name of the last user to modify the group. |
| Last Modified Date | Date and time of the last modification to this group. |
| Right click options | |
| Modify | Modify the selected TLS Service Configuration. |
| Delete | Deletes the selected TLS Service Configuration. |
| In Use | Provides a list of Packet Transport Configurations that currently reference the selected TLS Service Configuration. |
| Show Audit Log | Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Admin auditing. |
Add or modify packet transport configuration
- Click System > Settings.
- Expand the Persistent Agent folder.
- Select Transport Configuration from the tree.
- To modify a record: Select a Packet Transport Configuration record from the table and click Modify.
- To add a new record: Click Add at the bottom of the upper panel.
- Use the Settings for the Persistent Agent Transport Configuration topic to enter the Packet Transport Configuration information.
- Click OK to save.
After adding or modifying a Packet Transport Configuration, the services will continue to use the previous configuration until a reload is requested or FortiNAC is restarted.
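A pre-change check for a planned set of Packet Transport Configurations, written as an added example (it is not FortiNAC code and not part of the original documentation). It applies the rules stated on this page; the dictionary keys, the sample values and the wildcard-overlap warning are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

PORT_MIN, PORT_MAX = 1024, 49151  # port range required by the page

def listen_key(cfg):
    """(bind, port, transport) normalized; an empty bind means all addresses."""
    bind = cfg.get("bind") or "*"
    if bind != "*":
        try:
            bind = ipaddress.ip_address(bind).compressed  # IPv4 or IPv6
        except ValueError:
            bind = "invalid:" + bind
    return (bind, cfg["port"], cfg["transport"].upper())

def validate_transports(configs, tls_names):
    """Return sorted (config name, problem) pairs for a planned set of configs."""
    problems = set()
    names = Counter(c["name"] for c in configs)
    keys = Counter(listen_key(c) for c in configs)
    for c in configs:
        bind, port, transport = listen_key(c)
        flag = lambda msg, n=c["name"]: problems.add((n, msg))
        if names[c["name"]] > 1:
            flag("name is not unique")
        if keys[(bind, port, transport)] > 1:
            flag("bind address/port/transport combination is not unique")
        if bind.startswith("invalid:"):
            flag("bind address is not IPv4 or IPv6")
        if transport not in ("TCP", "UDP"):
            flag("transport type must be TCP or UDP")
        if not PORT_MIN <= port <= PORT_MAX:
            flag("port outside 1024-49151")
        if transport == "TCP" and c.get("tls") not in tls_names:
            flag("TCP transport needs a defined TLS Service Configuration")
        if transport == "UDP" and c.get("tls"):
            flag("TLS configuration set, but only TCP transports use one")
        # Inference (not stated on the page): an empty bind covers every address.
        if bind != "*" and keys[("*", port, transport)]:
            flag("overlaps a listener bound to all addresses")
    return sorted(problems)

# Constructed sample data; names, ports and addresses are illustrative only.
SAMPLE_TLS = {"agent-tls"}
SAMPLE = [
    {"name": "tcp-all", "bind": "", "port": 20443, "transport": "TCP", "tls": "agent-tls"},
    {"name": "tcp-v6", "bind": "2001:db8::10", "port": 20443, "transport": "TCP", "tls": None},
    {"name": "udp-low", "bind": "192.0.2.5", "port": 443, "transport": "UDP", "tls": "agent-tls"},
]
```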
Delete packet transport configuration
- Click System > Settings.
- Expand the Persistent Agent folder.
- Select Transport Configuration from the tree.
- Select a Packet Transport Configuration record from the table.
- Click Delete at the bottom of the panel.
- Click Yes on the confirmation message.
Add or modify TLS service configuration
- Click System > Settings.
- Expand the Persistent Agent folder.
- Select Transport Configuration from the tree.
- To modify a record: Select a TLS Service Configuration record from the table and click Modify.
- To add a new record: Click Add at the bottom of the lower panel.
- Use the Settings for the Persistent Agent Transport Configuration topic to enter the TLS Service Configuration information.
- Click OK to save.
After adding or modifying a TLS Service Configuration, the Packet Transport Configuration services will continue to use the previous configuration until a reload is requested or FortiNAC is restarted.
Delete TLS service configuration
- Click System > Settings.
- Expand the Persistent Agent folder.
- Select Transport Configuration from the tree.
- Select a TLS Service Configuration record from the table.
- Click Delete at the bottom of the panel.
- If one or more Packet Transport Configurations are associated with the TLS Service Configuration, you will not be able to delete it.
- Click Yes on the confirmation message.