(FNC-CAX): Configure "set allowaccess" Options
If the FortiNAC system is running the CentOS operating system (FNC-CA), skip this step.
Configure access for the applicable protocols using the "set allowaccess" command via the appliance CLI. Use the table below to determine which protocols to allow. For additional details regarding this command and available options, see Interface in the CLI Reference Guide.
| Function | “set allowaccess” option | Apply to interface |
|---|---|---|
| Persistent Agent Communication (TCP 4568) | nac-agent | port1 and port2 |
1. Log in to the CLI as admin and type:

    show system interface

2. Confirm the "set allowaccess" command includes the required options per the table above. In this example, the Persistent Agent will be used, so the “nac-agent” option needs to be added:

    set allowaccess https-adminui ssh snmp

3. Copy the existing "set allowaccess" command line to the buffer. Important: Ensure all protocols listed are copied. There is no “append” option.

4. Modify the access list. Type:

    config system interface
    edit port1
    <Paste set allowaccess command copied to buffer> <new option(s)>
    end
    end

5. Example using nac-agent:

    config system interface
    edit port1
    set allowaccess https-adminui ssh snmp nac-agent
    end
    end

6. Review the entry to confirm the protocols were added. Type:

    show system interface

7. Repeat steps 1-6 for port2.

8. Log out of the CLI. Type:

    exit
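Because there is no “append” option, a "set allowaccess" line that omits an existing protocol removes that access from the interface. The following is an added example, not part of the original guide or of FortiNAC: an offline Python helper that reads saved "show system interface" output and builds the full replacement line with every existing option preserved. The layout of the sample output and the function names are assumptions; the option and port names are the ones used on this page.

```python
# Constructed sample of "show system interface" output (layout assumed;
# option names and port names are the ones used on this page).
SAMPLE_SHOW = """\
config system interface
    edit "port1"
        set allowaccess https-adminui ssh snmp
    next
    edit "port2"
        set allowaccess ssh
    next
end
"""

def parse_allowaccess(show_output):
    """Map each interface name to its current allowaccess option list."""
    current, iface = {}, None
    for line in show_output.splitlines():
        tokens = line.split()
        if len(tokens) >= 2 and tokens[0] == "edit":
            iface = tokens[1].strip('"')
            current[iface] = []
        elif iface and tokens[:2] == ["set", "allowaccess"]:
            current[iface] = tokens[2:]
    return current

def build_update(show_output, iface, required):
    """Return the CLI block that adds `required` options to `iface` while
    keeping every option already set, or None if nothing is missing."""
    current = parse_allowaccess(show_output)
    if iface not in current:
        raise KeyError(f"interface {iface!r} not found in show output")
    existing = current[iface]
    missing = [opt for opt in required if opt not in existing]
    if not missing:
        return None  # already compliant; do not touch the interface
    merged = " ".join(existing + missing)
    # Block layout follows the nac-agent example on this page.
    return "\n".join(["config system interface", f"edit {iface}",
                      f"set allowaccess {merged}", "end", "end"])

if __name__ == "__main__":
    for port in ("port1", "port2"):
        block = build_update(SAMPLE_SHOW, port, ["nac-agent"])
        print(block or f"{port}: no change needed")
```

Compare the generated line against the appliance's current output before pasting it, since the helper only sees the text it was given.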