
Use Case 1: Agent Distributed Via Software Management

The above example shows three locations:

  • Server 1P Application Server and Server 1S Application Server in a High Availability pair at Location A.

  • Server 2 Application Server at Location B.

  • Server 3 Application Server at Location C.

  • Production domain server does not have SRV records for the appliances.

  • There are no ACLs configured between sites to block agent traffic.

Use Case 1 Requirements

  • Single software image will be pushed to locations A & B.

  • Agent communications allowed with Locations A & B only.

  • One SSL Certificate will be used for all FortiNAC appliances.

Use Case 1 Recommended Settings and Configurations

Persistent Agent Settings Configured via Software

  Setting             Value
  ------------------  ------------------------------------------------------------
  Security            enabled
  Allowed Servers     Server1P.domain.com, Server1S.domain.com, Server2.domain.com
  Restrict Roaming    Enabled
  Login Dialog        disabled
  System Tray Icon    disabled

FortiNAC Settings

  Setting                                       Value
  --------------------------------------------  ---------------------------
  "Require Connected Adapter" Feature           enabled
  Certificate Type for Persistent Agent Target  SAN or wildcard Certificate

Use Case 1 Scenarios: Persistent Agent Discovery - Host Connects to Location A

  Last Connected Server  SRV Records Received  Home Server (Default Location)  Allowed Servers
  ---------------------  --------------------  ------------------------------  ---------------------------
  (none)                 (none)                (none)                          Server1P, Server1S, Server2

  Server Connection List Order: Server1P, Server1S, Server2

As there are no SRV records and both the Last Connected Server and Home Server entries are empty, the agent will attempt to connect based on the Allowed Servers list.

Resulting behavior:

  1. Agent attempts to communicate with Server1P. Server1P is active and sees the host online, so it responds.

  2. Both the Last Connected Server and Home Server entries are populated with Server1P.

  Last Connected Server  Home Server (Default Location)  Allowed Servers
  ---------------------  ------------------------------  ---------------------------
  Server1P               Server1P                        Server1P, Server1S, Server2

The next time the agent attempts to communicate, unless the agent receives a DNS record from a different server in the list, the agent will try to connect to the Last Connected Server first.

Use Case 1 Scenarios: Persistent Agent Discovery - Host Roams from Location A to Location B

  Last Connected Server  SRV Records Received  Home Server (Default Location)  Allowed Servers
  ---------------------  --------------------  ------------------------------  ---------------------------
  Server1P               None                  Server1P                        Server1P, Server1S, Server2

  Server Connection List Order:

    1. Server1P (Last Connected Server and Home Server)
    2. Server1S (Next in Allowed Servers List)
    3. Server2 (Next in Allowed Servers List)

Resulting behavior:

  1. Agent attempts to communicate with Server1P. Server1P sees the host offline, so it directs the agent to try the next server.

  2. Agent attempts to communicate with Server1S. Server1S is in standby and does not respond.

  3. Agent attempts to communicate with Server2. Server2 sees the host online, so it responds.

  4. The Last Connected Server entry is updated to Server2.

  Last Connected Server  Home Server (Default Location)  Allowed Servers
  ---------------------  ------------------------------  ---------------------------
  Server2                Server1P                        Server1P, Server1S, Server2

The next time the agent attempts to communicate, unless the agent receives a DNS record from a different server in the list, the agent will try to connect to the Last Connected Server first.

Use Case 1 Scenarios: Persistent Agent Discovery - Host Roams from Location B to Location C

  Last Connected Server  SRV Records Received  Home Server (Default Location)  Allowed Servers
  ---------------------  --------------------  ------------------------------  ---------------------------
  Server2                None                  Server1P                        Server1P, Server1S, Server2

  Server Connection List Order:

    1. Server2 (Last Connected Server)
    2. Server1P (Home Server and first in Allowed Servers List)
    3. Server1S (Next in Allowed Servers List)

Resulting behavior:

  1. Agent attempts to communicate with Server2. Server2 sees the host offline, so it directs the agent to try the next server.

  2. Agent attempts to communicate with Server1P. Server1P sees the host offline, so it directs the agent to try the next server.

  3. Agent attempts to communicate with Server1S. Server1S is in standby and does not respond.

The agent will not attempt to connect to Server3 because it is not in the Allowed Servers list, which satisfies the requirement that agent communications are allowed with Locations A and B only.
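To make the discovery order concrete, here is an added Python model of the Server Connection List Order and the three scenarios above (example code, not FortiNAC's own). The topology, the "active"/"standby" roles and the assumption that an allowed server learned from an SRV record is tried before the Last Connected Server are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed topology for Use Case 1: name -> (location, role); Server3 sits at Location C but is not an Allowed Server.
SERVERS = {
    "Server1P": ("A", "active"),
    "Server1S": ("A", "standby"),
    "Server2": ("B", "active"),
    "Server3": ("C", "active"),
}

@dataclass
class AgentState:
    allowed_servers: list                 # pushed with the software image
    last_connected: Optional[str] = None  # Last Connected Server
    home_server: Optional[str] = None     # Home Server (Default Location)

def connection_order(state, srv_records=()):
    """Last Connected Server, then Home Server, then Allowed Servers in order,
    deduplicated; Restrict Roaming drops anything outside Allowed Servers.
    Assumption (not on the page): an allowed SRV-learned server goes first."""
    allowed = set(state.allowed_servers)
    candidates = [s for s in srv_records if s in allowed]
    candidates += [state.last_connected, state.home_server] + state.allowed_servers
    order = []
    for s in candidates:
        if s and s in allowed and s not in order:
            order.append(s)
    return order

def discover(state, host_location, srv_records=()):
    """Walk the list: an active server that sees the host online answers, one
    that sees it offline says 'try next', a standby server never answers."""
    attempts = []
    for name in connection_order(state, srv_records):
        location, role = SERVERS[name]
        if role == "standby":
            attempts.append((name, "no response (standby)"))
        elif location != host_location:
            attempts.append((name, "host offline, try next"))
        else:
            attempts.append((name, "host online, responds"))
            state.last_connected = name
            state.home_server = state.home_server or name
            return name, attempts
    return None, attempts

def run_use_case_1():
    """The page's three scenarios in sequence: connect at A, roam to B, then C."""
    state = AgentState(["Server1P", "Server1S", "Server2"])
    return [discover(state, loc)[0] for loc in ("A", "B", "C")], state
```

Calling discover() repeatedly on the same AgentState reproduces the tables above: Home Server is set once, Last Connected Server follows each successful contact, and at Location C every candidate fails without Server3 ever being tried.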
