Fortinet white logo
Fortinet white logo

Administration Guide

Supplicant configurations

Supplicant configurations

Supplicant configurations define an SSID and security parameters required to configure the native supplicant available on a connecting host as part of its operating system. The supplicant configuration that is used for a particular host is determined by the pairing of a supplicant configuration and a user/host profile within a supplicant policy.

When a host connects to the network and requires the use of a supplicant, the host and user data are compared to each supplicant policy starting with the first policy in the list. When a policy is found where the host and user data match the user/host profile in the policy, that policy is applied. The supplicant configuration contained within that policy configures the supplicant on the host.

The host supplicant configuration setup process is as follows:

  1. Host connects to the network.
  2. Host connects to an open SSID based on the operating system of the host. If authenticating through LDAP, the user must be in the selected directory group configured in the SSID mapping. You configure SSID mapping with a supplicant configuration.
  3. If the user is on a Windows or macOS device, the user downloads either the Persistent Agent or the Dissolvable Agent. The agent applies the Supplicant Configuration after scanning and registering the host.
  4. If the user is on an Android device, the user downloads and runs the Mobile Agent. The agent applies the Supplicant Configuration after scanning and registering the host. See Mobile Agent for download requirements.
  5. FortiNAC compares user and host data to supplicant policies and finds the first match starting from the top of the list of policies.
  6. The user registers or authenticates.
  7. The supplicant configuration is applied.
  8. The Agent attempts to move the host to the SSID that was just configured.
Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Name

User defined name for the configuration.

SSID

Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied.

Note

A host can have supplicant configurations stored for multiple SSIDs.

Security

Indicates the type of encryption that will be used for connections to this SSID. Options include:

  • Open
  • WEP (PSK)
  • WPA (PSK)
  • WPA2 (PSK)
  • WEP Enterprise (PEAP)
  • WPA Enterprise (PEAP)
  • WPA2 Enterprise (PEAP)
Note

WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2.

Cipher

Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:

  • AES
  • NONE
  • TKIP

EAP Type

Currently only PEAP is supported.

Note

User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.

Last Modified By

User name of the last user to modify the record.

Last Modified Date

Date and time of the last modification to this configuration.

Right click options

Delete

Deletes the selected Supplicant Configuration.

In Use

Indicates whether or not the selected configuration is currently being used by any other FortiNAC element. See Configurations in use.

Modify

Opens the Modify Supplicant Configuration window for the selected configuration.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Audit Logs.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Supplicant configurations

Supplicant configurations

Supplicant configurations define an SSID and security parameters required to configure the native supplicant available on a connecting host as part of its operating system. The supplicant configuration that is used for a particular host is determined by the pairing of a supplicant configuration and a user/host profile within a supplicant policy.

When a host connects to the network and requires the use of a supplicant, the host and user data are compared to each supplicant policy starting with the first policy in the list. When a policy is found where the host and user data match the user/host profile in the policy, that policy is applied. The supplicant configuration contained within that policy configures the supplicant on the host.

The host supplicant configuration setup process is as follows:

  1. Host connects to the network.
  2. Host connects to an open SSID based on the operating system of the host. If authenticating through LDAP, the user must be in the selected directory group configured in the SSID mapping. You configure SSID mapping with a supplicant configuration.
  3. If the user is on a Windows or macOS device, the user downloads either the Persistent Agent or the Dissolvable Agent. The agent applies the Supplicant Configuration after scanning and registering the host.
  4. If the user is on an Android device, the user downloads and runs the Mobile Agent. The agent applies the Supplicant Configuration after scanning and registering the host. See Mobile Agent for download requirements.
  5. FortiNAC compares user and host data to supplicant policies and finds the first match starting from the top of the list of policies.
  6. The user registers or authenticates.
  7. The supplicant configuration is applied.
  8. The Agent attempts to move the host to the SSID that was just configured.
Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Name

User defined name for the configuration.

SSID

Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied.

Note

A host can have supplicant configurations stored for multiple SSIDs.

Security

Indicates the type of encryption that will be used for connections to this SSID. Options include:

  • Open
  • WEP (PSK)
  • WPA (PSK)
  • WPA2 (PSK)
  • WEP Enterprise (PEAP)
  • WPA Enterprise (PEAP)
  • WPA2 Enterprise (PEAP)
Note

WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2.

Cipher

Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:

  • AES
  • NONE
  • TKIP

EAP Type

Currently only PEAP is supported.

Note

User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.

Last Modified By

User name of the last user to modify the record.

Last Modified Date

Date and time of the last modification to this configuration.

Right click options

Delete

Deletes the selected Supplicant Configuration.

In Use

Indicates whether or not the selected configuration is currently being used by any other FortiNAC element. See Configurations in use.

Modify

Opens the Modify Supplicant Configuration window for the selected configuration.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Audit Logs.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.