9.4.0

Upgrade Considerations

Feature

Description

Agents with Security Disabled

As of Persistent Agent version 5.3, there is no option to disable secure agent communications. Agents upgraded from previous versions to 5.3 or greater will communicate over TCP 4568 regardless of the "securityEnabled" Persistent Agent setting.

The following must be done prior to upgrading hosts to agent version 5.3:

  • Ensure valid SSL certificates are installed in the Persistent Agent Certificate Target

    • Version 8.x: Navigate to System > Settings > Security > Certificate Management.
    • Version 9.x: Navigate to Security Configuration > Certificate Management.
  • Packet Transport Configurations must have TCP 4568 listed

    • Version 8.x: Navigate to System > Settings > Persistent Agent > Transport Configuration.
    • Version 9.x: Navigate to Security Configuration > Agent Settings > Transport Configuration.
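A pre-upgrade check for the two prerequisites above, added here as an example and not Fortinet's own tooling. It assumes the listener on TCP 4568 starts a TLS handshake on connect and that the CA bundle passed as `cafile` (system store by default) reflects what the agents trust; `cert_problems`, `check_agent_listener`, the 30-day threshold and the sample certificate are constructed for this example.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

AGENT_PORT = 4568  # TCP port this page names for secure agent communications

# Constructed sample in ssl.getpeercert() format, for offline use of cert_problems().
SAMPLE_CERT = {"notBefore": "Jan 01 00:00:00 2024 GMT",
               "notAfter": "Jan 01 00:00:00 2025 GMT"}

def _utc(cert_time):
    """Convert a getpeercert() time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def cert_problems(cert, now, min_days_left=30):
    """Return validity-window problems for a certificate dict (empty list = OK)."""
    problems = []
    not_before, not_after = _utc(cert["notBefore"]), _utc(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    if now > not_after:
        problems.append("expired")
    elif (not_after - now).days < min_days_left:
        # Still valid, but likely to lapse while agents are being upgraded.
        problems.append(f"expires in {(not_after - now).days} days")
    return problems

def check_agent_listener(host, port=AGENT_PORT, cafile=None, timeout=5):
    """Handshake with chain and hostname verification; return (tls_version, problems)."""
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                now = datetime.now(timezone.utc)
                return tls.version(), cert_problems(tls.getpeercert(), now)
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain, hostname mismatch or expiry caught by the TLS stack.
        return None, [f"certificate rejected: {exc.verify_message}"]
    except OSError as exc:
        # Port closed or filtered, timeout, or no TLS on the listener.
        return None, [f"no TLS session on {host}:{port}: {exc}"]

if __name__ == "__main__" and len(sys.argv) > 1:
    version, problems = check_agent_listener(sys.argv[1])
    print(version, problems or "OK")
    sys.exit(1 if problems else 0)
```

Run it from a host on the agent network segment with the server's hostname as the only argument; a non-zero exit status means a prerequisite is not yet met.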

Agents Communicating with SSLv3

FortiNAC versions 6.2.6, 7.0.3, 7.1.0, and 7.2.0 use SSLv3 to communicate with 3.x agents earlier than version 3.3. When you have replaced all of your 3.2.x, 3.1.x and 3.0.x agents with the 3.3 agent (or higher), FortiNAC 6.2.6, 7.0.3 and 7.1.1 can be configured to disable SSLv3 agent communications, which completely removes the "POODLE" vulnerability (CVE-2014-3566). Contact Product Support for details and assistance.

AV/AS Definitions

Using the "Cert-Check" and "Service" Custom Scans that are new in the 7.3.0 release of FortiNAC requires AV/AS Definitions published June 22, 2015 or later, Agent 3.5.0 or greater, and FortiNAC 7.3 or greater.

Endpoint Compliance

Added Legacy Dissolvable and Legacy Persistent Agent options in Endpoint Compliance Configurations. These options allow you to deploy the latest agent that does not require certificates. Agents that do not require certificates are the 2.X Persistent and Dissolvable Agents and the 3.0.X Dissolvable Agent. If you choose Latest Agent, the Agent on your server with the highest version number is deployed. This could be an agent that requires a certificate. On upgrade, the Persistent or Dissolvable Agent options that were set to Latest Agent will now be set to Legacy Agent.

Operating System Case

Agent V3.0 and higher requires Mac OS X 10.6 or higher.

Persistent Agent Case

Changed VMs running on Linux hosts to show as new rogues. Previously, the VM would be appended to the host's adapters as a Virtual-Guest adapter.
