7.2.0

(FNC-CAX): Configure "set allowaccess" Options

If the FortiNAC system is running the CentOS operating system (FNC-CA), skip this step.

Configure access for the applicable protocols using the "set allowaccess" command via the appliance CLI. Use the table below to determine which protocols to allow. For additional details regarding this command and available options, see Interface in the CLI Reference Guide.

| Function | “set allowaccess” option | Apply to interface |
|---|---|---|
| Persistent Agent Communication (TCP 4568) | nac-agent | port1 and port2 |

  1. Log in to the CLI as admin and type:

    show system interface

  2. Confirm that the set allowaccess line includes the required options per the table above. In this example, the Persistent Agent will be used, so the “nac-agent” option needs to be added:

    set allowaccess https-adminui ssh snmp

  3. Copy the existing set allowaccess command line to the buffer. Important: Ensure all protocols listed are copied. There is no “append” option.

  4. Modify the access list. Type:

    config system interface

    edit port1

    <Paste set allowaccess command copied to buffer> <new option(s)>

    end

    end

  5. Example using nac-agent:

    config system interface

    edit port1

    set allowaccess https-adminui ssh snmp nac-agent

    end

    end

  6. Review the entry to confirm the protocols were added. Type:

    show system interface

  7. Repeat steps 1-6 for port2.

  8. Log out of the CLI. Type:

    exit
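Because there is no “append” option, the new set allowaccess line must carry every existing option plus the new one. The following Python sketch is an added example, not part of the Fortinet documentation: it builds the step 4 commands from saved "show system interface" output and performs the step 6 check for options that were dropped. The output layout in SAMPLE_SHOW (edit/next blocks), the sample addresses and the function names are assumptions made for illustration.

```python
# Constructed sample of `show system interface` output. The edit/next layout is
# an assumption, not output captured from an appliance.
SAMPLE_SHOW = '''\
config system interface
    edit "port1"
        set ip 192.0.2.10 255.255.255.0
        set allowaccess https-adminui ssh snmp
    next
    edit "port2"
        set ip 198.51.100.10 255.255.255.0
        set allowaccess ssh
    next
end
'''

def parse_allowaccess(show_output):
    """Map interface name -> list of allowaccess options, in displayed order."""
    access, current = {}, None
    for line in show_output.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "edit":
            current = words[1].strip('"')
            access[current] = []  # interface seen, no allowaccess line yet
        elif current and words[:2] == ["set", "allowaccess"]:
            access[current] = words[2:]
    return access

def build_commands(show_output, interface, required):
    """CLI lines for step 4: all existing options first, then the missing ones."""
    existing = parse_allowaccess(show_output).get(interface)
    if existing is None:
        raise KeyError(f"{interface} not found in show output")
    merged = existing + [opt for opt in required if opt not in existing]
    if merged == existing:
        return []  # required options already present, nothing to change
    return ["config system interface", f"edit {interface}",
            "set allowaccess " + " ".join(merged), "end", "end"]

def verify(before, after, interface, required):
    """Step 6 check: options that were lost or are still missing (empty = OK)."""
    old = set(parse_allowaccess(before)[interface])
    new = set(parse_allowaccess(after)[interface])
    return sorted((old | set(required)) - new)

if __name__ == "__main__":
    for port in ("port1", "port2"):  # step 7: same procedure for port2
        print("\n".join(build_commands(SAMPLE_SHOW, port, ["nac-agent"])), end="\n\n")
```

A non-empty result from verify() means an existing protocol such as https-adminui or ssh was left out of the pasted line and should be restored before logging out.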
