Allow FortiNAC to join the Security Fabric

A FortiNAC device can be added to the Security Fabric on the root FortiGate. After the device has been added and authorized, you can log in to the FortiNAC from the FortiGate topology views.

Note

Adding a FortiNAC to the Security Fabric requires a FortiNAC with a license issued in the year 2020 that includes an additional certificate. The device cannot be added if it has an older license. Use the licensetool in the FortiNAC CLI to determine if your license includes the additional certificate.

To add a FortiNAC to the Security Fabric:
  1. On the FortiNAC, configure telemetry and input the IP address of the root FortiGate.
  2. On the root FortiGate, authorize the FortiNAC.
  3. Verify the connection status in the topology views.
To configure the FortiNAC:
  1. Go to System > Settings, and in the Folder View select Security Fabric Connection.
  2. Add a new entry with the root FortiGate device's IP address. The default port is 8013.

    See Security Fabric Connection in the FortiNAC Administration Guide for more information.

To authorize the FortiNAC on the root FortiGate in the GUI:
  1. Go to Security Fabric > Fabric Connectors.
  2. The FortiNAC device will be highlighted in the topology list in the right panel with the status Waiting for Authorization.
  3. Click on the highlighted FortiNAC and select Authorize.

    Optionally, you can also deny authorization to the FortiNAC to remove it from the list.

    Note

    Joining a FortiNAC to the Security Fabric is not related to FortiNAC Tags FSSO connectors. See FortiNAC endpoint connector for information about the FSSO connector.

To authorize the FortiNAC on the root FortiGate in the CLI:
config system csf
    config trusted-list
        edit "FNVMCATM20000306"
            set action accept
        next
    end
end
To verify the connection status:
  1. After the FortiNAC is authorized, go to Security Fabric > Physical Topology and confirm that it is included in the topology.

  2. Go to Security Fabric > Logical Topology and confirm the FortiNAC is also displayed there.

  3. Run the following command in the CLI to view information about the FortiNAC device's status:
    # diagnose sys csf downstream-devices fortinac 
    {
      "path":"FG5H1E5818900126:FNVMCATM20000306",
      "mgmt_ip_str":"10.1.100.197",
      "mgmt_port":0,
      "admin_port":8443,
      "serial":"FNVMCATM20000306",
      "host_name":"adnac",
      "device_type":"fortinac",
      "upstream_intf":"port2",
      "upstream_serial":"FG5H1E5818900126",
      "is_discovered":true,
      "ip_str":"10.1.100.197",
      "downstream_intf":"eth0",
      "authorizer":"FG5H1E5818900126",
      "idx":1
    }
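The status output above can also be checked by script against the serial numbers you intended to authorize. The following is an added example, not Fortinet code: it assumes the command output has been captured as text, that several devices would appear as consecutive JSON objects, and that the fields mean what their names suggest. The second record in the sample is constructed, with hypothetical serials.

```python
import json

# First record: abridged from the output shown above.
# Second record: constructed for illustration (hypothetical serials).
SAMPLE = """# diagnose sys csf downstream-devices fortinac
{"path":"FG5H1E5818900126:FNVMCATM20000306","serial":"FNVMCATM20000306",
 "device_type":"fortinac","is_discovered":true,"authorizer":"FG5H1E5818900126"}
{"path":"FG5H1E5818900126:FNVM-EXAMPLE-0001","serial":"FNVM-EXAMPLE-0001",
 "device_type":"fortinac","is_discovered":true,"authorizer":"FG-EXAMPLE-0002"}
"""

def parse_devices(raw):
    """Return every JSON object in the CLI text, skipping the command echo."""
    decoder, pos, devices = json.JSONDecoder(), 0, []
    while (start := raw.find("{", pos)) != -1:
        obj, pos = decoder.raw_decode(raw, start)
        devices.append(obj)
    return devices

def audit(raw, root_serial, trusted_serials):
    """Return (serial, problem) findings; an empty list means all checks passed."""
    findings = []
    for dev in parse_devices(raw):
        serial = dev.get("serial", "<missing>")
        hops = dev.get("path", "").split(":")
        if dev.get("device_type") != "fortinac":
            findings.append((serial, "unexpected device_type"))
        if serial not in trusted_serials:
            findings.append((serial, "serial not in reviewed trusted-list"))
        if dev.get("authorizer") != root_serial:
            findings.append((serial, "authorized by a device other than the root"))
        if hops[0] != root_serial or hops[-1] != serial:
            findings.append((serial, "path does not run from root to this serial"))
        if dev.get("is_discovered") is not True:
            findings.append((serial, "is_discovered is not true"))
    return findings

if __name__ == "__main__":
    for serial, problem in audit(SAMPLE, "FG5H1E5818900126", {"FNVMCATM20000306"}):
        print(f"{serial}: {problem}")
```

Take `trusted_serials` from your own change record rather than from the device being checked, so the comparison is against what was approved.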
To log in to the FortiNAC from the FortiGate:
  1. On the FortiGate, go to Security Fabric > Physical Topology or Security Fabric > Logical Topology.
  2. Click on the FortiNAC and select Login to <serial_number>.

    A new tab will open to the FortiNAC login page.

  3. Enter the username and password to log in to the FortiNAC.
