Fortinet white logo
Fortinet white logo

FortiNAC Manager

9.4.0

Sponsor Approval Email Links

Sponsor Approval Email Links

In Guest Manager when Self Registration Requests are sent to sponsors, the email messages contain links for the sponsor to either automatically accept/deny the request, or to login to the Admin UI to do this. The default links provided use https access and authenticate against the SSL certificate securing the FortiNAC Admin UI.

Modifying Host Name, Security Level and Port

The link contained in the email is composed by FortiNAC. The link contains the URL of the FortiNAC Server or Control Server. Any of the following URL components can be modified:

  • FQDN (default: FQDN as appears in /etc/hosts file and Configuration Wizard Basic Network screen)
  • Security Level (default: https)
  • Port (default: 8443)

In some situations, it may be desired to modify any or all of these components depending upon the appliance configuration. For example, in a High Availability environment with an L3 configuration where redundant FortiNAC servers do not use a shared IP address, the URL should contain the FQDN of the correct FortiNAC Server or Control Server. Typically, FortiNAC can determine the FQDN; however if there is an issue, the FQDN can be configured.

To modify any of the above components for the email links, a property file must be modified on the FortiNAC Server. Modify the property file as follows on both Primary and Secondary Servers:

  1. Log into the CLI as root on your FortiNAC Server or Control Server.
  2. Navigate to the following directory: /bsc/campusMgr/master_loader/
  3. Using vi or another editor, open the .masterPropertyFile file.
  4. At the top of the file there is a sample entry that is commented out. Use the syntax and below to create your own changes.

Syntax:

FILE_NAME=./properties_plugin/selfRegRequest.properties
{
com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=<security level>://<FQDN>:<port>
}

Example:

#############################################################
# FILE_NAME=./properties_plugin/bridgeManager.properties
# {
# com.bsc.plugin.bridge.BridgeManager.verifyRegisterdClients=true
# }
#############################################################
FILE_NAME=./properties_plugin/selfRegRequest.properties
{
com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=https://myNACServer.Fortinetnetworks.com:8443
}

  1. Save the changes to the file.
  2. Restart the FortiNAC Server.
    shutdownCampusMgr
    <wait 30 seconds>
    startupCampusMgr
    When the server restarts, the changes listed in the .masterPropertyFile are written to the selfRegRequest.properties file.

Verify:

Log into the CLI of the FortiNAC Server or Control Server and verify that the changes have been written to selfRegRequest.properties. At the prompt, enter:
grep -i EmailLinkHost /bsc/campusMgr/master_loader/properties_plugin/selfRegRequest.properties

Now when FortiNAC sends sponsor approval email, the links included will use this modified URL.

Sponsor Approval Email Links

Sponsor Approval Email Links

In Guest Manager when Self Registration Requests are sent to sponsors, the email messages contain links for the sponsor to either automatically accept/deny the request, or to login to the Admin UI to do this. The default links provided use https access and authenticate against the SSL certificate securing the FortiNAC Admin UI.

Modifying Host Name, Security Level and Port

The link contained in the email is composed by FortiNAC. The link contains the URL of the FortiNAC Server or Control Server. Any of the following URL components can be modified:

  • FQDN (default: FQDN as appears in /etc/hosts file and Configuration Wizard Basic Network screen)
  • Security Level (default: https)
  • Port (default: 8443)

In some situations, it may be desired to modify any or all of these components depending upon the appliance configuration. For example, in a High Availability environment with an L3 configuration where redundant FortiNAC servers do not use a shared IP address, the URL should contain the FQDN of the correct FortiNAC Server or Control Server. Typically, FortiNAC can determine the FQDN; however if there is an issue, the FQDN can be configured.

To modify any of the above components for the email links, a property file must be modified on the FortiNAC Server. Modify the property file as follows on both Primary and Secondary Servers:

  1. Log into the CLI as root on your FortiNAC Server or Control Server.
  2. Navigate to the following directory: /bsc/campusMgr/master_loader/
  3. Using vi or another editor, open the .masterPropertyFile file.
  4. At the top of the file there is a sample entry that is commented out. Use the syntax and below to create your own changes.

Syntax:

FILE_NAME=./properties_plugin/selfRegRequest.properties
{
com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=<security level>://<FQDN>:<port>
}

Example:

#############################################################
# FILE_NAME=./properties_plugin/bridgeManager.properties
# {
# com.bsc.plugin.bridge.BridgeManager.verifyRegisterdClients=true
# }
#############################################################
FILE_NAME=./properties_plugin/selfRegRequest.properties
{
com.bsc.plugin.guest.SelfRegRequestServer.EmailLinkHost=https://myNACServer.Fortinetnetworks.com:8443
}

  1. Save the changes to the file.
  2. Restart the FortiNAC Server.
    shutdownCampusMgr
    <wait 30 seconds>
    startupCampusMgr
    When the server restarts, the changes listed in the .masterPropertyFile are written to the selfRegRequest.properties file.

Verify:

Log into the CLI of the FortiNAC Server or Control Server and verify that the changes have been written to selfRegRequest.properties. At the prompt, enter:
grep -i EmailLinkHost /bsc/campusMgr/master_loader/properties_plugin/selfRegRequest.properties

Now when FortiNAC sends sponsor approval email, the links included will use this modified URL.