Fortinet black logo

Administration Guide

FortiNAC Control Manager

Copy Link
Copy Doc ID 1ce38eeb-8119-11eb-9995-00505692583a:991647
Download PDF

FortiNAC Control Manager

Licensed features

In a FortiNAC Control Manager environment, each appliance has its own license key that works in combination with the license on the FortiNAC Control Manager. Licensed features, such as device profiler, integration suite, guest manager, and endpoint compliance, can be enabled for all managed appliances by including the feature in the license key for the FortiNAC Control Manager. To enable a licensed feature on a single appliance, the feature must be included in the license key for that appliance, but must not be included in the FortiNAC Control Manager license key.

License totals

License counts are shared across all managed FortiNAC appliances, but the maximum number of licenses is controlled by the FortiNAC Control Manager.

For example, if the total number of concurrent connection licenses on the FortiNAC Control Manager is 1000, any of the managed appliances can use licenses from that pool, until all 1000 have been consumed. Appliance A may use 200 and Appliance B may use 150, leaving 650 available. Dashboards for all appliances, including the FortiNAC Control Manager, would display the following:

  • Total Licenses: 1000
  • Licenses In Use: 350
  • Licenses Available: 650

Total licenses available and total licenses used are counted by the FortiNAC Control Manager and are displayed on the dashboard of all appliances.

Any number of licenses can be used on any managed appliance as long as total for all combined does not exceed the 1000 licenses configured on the FortiNAC Control Manager. This affects concurrent connection licenses.

In a multi-FortiNAC Server environment, a host that is connected to both wired and wireless FortiNAC Servers will use two licenses.

If the FortiNAC Control Manager goes down, individual FortiNAC Servers will continue to use the license counts.

License accounting for users and hosts

When users and their corresponding hosts move from one part of the network to another the FortiNAC appliance managing their network access may change. For example, if the switches on the first floor are managed by FortiNAC Appliance A and the switches on the second floor are managed by FortiNAC Appliance B, then network access control changes from Appliance A to Appliance B when a laptop is moved from the first floor to the second floor.

Hosts consume licenses when they are connected to the network. When a host is moved the license is released when the host disconnects. The same host consumes a license the next time it connects to the network regardless of where it connects.

License accounting for devices

When devices are moved from one part of the network to another the FortiNAC appliance managing their network access may change. If moving the device causes it to be managed by a different FortiNAC appliance, one license is released on the original appliance when the device disconnects from the network and then a new license is used when the device reconnects to the network. The device is included in the databases of both appliances but only consumes one license because it only has one connection.

FortiNAC Control Manager

Licensed features

In a FortiNAC Control Manager environment, each appliance has its own license key that works in combination with the license on the FortiNAC Control Manager. Licensed features, such as device profiler, integration suite, guest manager, and endpoint compliance, can be enabled for all managed appliances by including the feature in the license key for the FortiNAC Control Manager. To enable a licensed feature on a single appliance, the feature must be included in the license key for that appliance, but must not be included in the FortiNAC Control Manager license key.

License totals

License counts are shared across all managed FortiNAC appliances, but the maximum number of licenses is controlled by the FortiNAC Control Manager.

For example, if the total number of concurrent connection licenses on the FortiNAC Control Manager is 1000, any of the managed appliances can use licenses from that pool, until all 1000 have been consumed. Appliance A may use 200 and Appliance B may use 150, leaving 650 available. Dashboards for all appliances, including the FortiNAC Control Manager, would display the following:

  • Total Licenses: 1000
  • Licenses In Use: 350
  • Licenses Available: 650

Total licenses available and total licenses used are counted by the FortiNAC Control Manager and are displayed on the dashboard of all appliances.

Any number of licenses can be used on any managed appliance as long as total for all combined does not exceed the 1000 licenses configured on the FortiNAC Control Manager. This affects concurrent connection licenses.

In a multi-FortiNAC Server environment, a host that is connected to both wired and wireless FortiNAC Servers will use two licenses.

If the FortiNAC Control Manager goes down, individual FortiNAC Servers will continue to use the license counts.

License accounting for users and hosts

When users and their corresponding hosts move from one part of the network to another the FortiNAC appliance managing their network access may change. For example, if the switches on the first floor are managed by FortiNAC Appliance A and the switches on the second floor are managed by FortiNAC Appliance B, then network access control changes from Appliance A to Appliance B when a laptop is moved from the first floor to the second floor.

Hosts consume licenses when they are connected to the network. When a host is moved the license is released when the host disconnects. The same host consumes a license the next time it connects to the network regardless of where it connects.

License accounting for devices

When devices are moved from one part of the network to another the FortiNAC appliance managing their network access may change. If moving the device causes it to be managed by a different FortiNAC appliance, one license is released on the original appliance when the device disconnects from the network and then a new license is used when the device reconnects to the network. The device is included in the databases of both appliances but only consumes one license because it only has one connection.