Fortinet black logo

Administration Guide

Licenses

Copy Link
Copy Doc ID dc02a854-ab11-11ea-8b7d-00505692583a:90778
Download PDF

Licenses

The license key installed on your FortiNAC controls both the feature set that is enabled and the number of managed hosts, users and devices.

Types

The following licenses are available:

  • Base: Network discovery, host profiling, and classification.
  • Plus: Host registration, scanning, and access control, along with all base features.
  • Pro: Automated Threat Response (ATR), along with all plus and base features.

All licenses include high availability.

License count

There are two types of license counts on FortiNAC: concurrent licenses and ATR licenses. License usage information is displayed on the Dashboard and License management.

If you exceed your license count, a small time buffer is included to give you to purchase additional licenses. When this buffer is exceeded, FortiNAC does the following:

  • No new registrations are allowed.
  • Attempts at new registrations are presented with the message Exceeded concurrent connection license limit.
  • Rogues, at-risk, and disabled hosts continue to be placed in isolation as they normally would be.
  • Existing registered hosts and devices continue to have network access.
  • Network Access provisioning based on policy will not occur

Concurrent licenses

The count of concurrent licenses is based on the total number of concurrent connections to your network that are managed by FortiNAC.There may be parts of your network that are not managed by FortiNAC.

This count includes hosts, servers or devices that are online on your network at any given time. When a host, server or device disconnects from the network, the license is released and can be used for another connection. For example, you may have 1000 hosts in your database but if only 100 are connected, then only 100 licenses are used.

A registered host will use a license if the host is seen by FortiNAC to be online, even if the host is not on an enforced port. When a registered host shows online, even if no one is logged on, a license is still used. When the licenses run out, no new devices can register and access the network.

The following devices use a concurrent license when connected:

  • Online hosts in the Host View (including registered hosts and IP phones)
  • Online, non-infrastructure devices in Topology (servers, printers, IP phones)

The following devices don't use a concurrent license when connected:

  • Rogue devices
  • Switches, routers, wireless controllers and wireless access points in Topology

ATR licenses

These licenses are based on the total number of licenses configured for ATR that are currently in use by devices connected to your network.

Entitlements

Additional services at no cost come with licenses and are shown as entitlements in the license dashboard.

Entitlement

Description

Telephone Support Global toll-free technical support available 24/7 over telephone.
IoT Detection Access to database of devices through the cloud-look up service hosted by FortiGuard Labs used by FortiNAC to identify devices.
Vulnerability Management Vulnerability analysis and remediation for potential security weakness.
Firmware & General Updates Firmware updates and weekly network device database updates to keep deployments up to date.
Enhanced Support 24/7 FortiCare Enhanced Support that includes real-time ticket system, interactive chat features, and return/replace hardware support.

Licenses

The license key installed on your FortiNAC controls both the feature set that is enabled and the number of managed hosts, users and devices.

Types

The following licenses are available:

  • Base: Network discovery, host profiling, and classification.
  • Plus: Host registration, scanning, and access control, along with all base features.
  • Pro: Automated Threat Response (ATR), along with all plus and base features.

All licenses include high availability.

License count

There are two types of license counts on FortiNAC: concurrent licenses and ATR licenses. License usage information is displayed on the Dashboard and License management.

If you exceed your license count, a small time buffer is included to give you to purchase additional licenses. When this buffer is exceeded, FortiNAC does the following:

  • No new registrations are allowed.
  • Attempts at new registrations are presented with the message Exceeded concurrent connection license limit.
  • Rogues, at-risk, and disabled hosts continue to be placed in isolation as they normally would be.
  • Existing registered hosts and devices continue to have network access.
  • Network Access provisioning based on policy will not occur

Concurrent licenses

The count of concurrent licenses is based on the total number of concurrent connections to your network that are managed by FortiNAC.There may be parts of your network that are not managed by FortiNAC.

This count includes hosts, servers or devices that are online on your network at any given time. When a host, server or device disconnects from the network, the license is released and can be used for another connection. For example, you may have 1000 hosts in your database but if only 100 are connected, then only 100 licenses are used.

A registered host will use a license if the host is seen by FortiNAC to be online, even if the host is not on an enforced port. When a registered host shows online, even if no one is logged on, a license is still used. When the licenses run out, no new devices can register and access the network.

The following devices use a concurrent license when connected:

  • Online hosts in the Host View (including registered hosts and IP phones)
  • Online, non-infrastructure devices in Topology (servers, printers, IP phones)

The following devices don't use a concurrent license when connected:

  • Rogue devices
  • Switches, routers, wireless controllers and wireless access points in Topology

ATR licenses

These licenses are based on the total number of licenses configured for ATR that are currently in use by devices connected to your network.

Entitlements

Additional services at no cost come with licenses and are shown as entitlements in the license dashboard.

Entitlement

Description

Telephone Support Global toll-free technical support available 24/7 over telephone.
IoT Detection Access to database of devices through the cloud-look up service hosted by FortiGuard Labs used by FortiNAC to identify devices.
Vulnerability Management Vulnerability analysis and remediation for potential security weakness.
Firmware & General Updates Firmware updates and weekly network device database updates to keep deployments up to date.
Enhanced Support 24/7 FortiCare Enhanced Support that includes real-time ticket system, interactive chat features, and return/replace hardware support.