Overview
This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library. This installation guide is the first step in the deployment.
Physical Appliance Part Numbers
Part Number |
Description |
FNC-M-550F |
Control Manager |
FNC-CA-500F |
Control and Application Server (CA) |
FNC-CA-600F |
Control and Application Server (CA) |
FNC-CA-700F |
Control and Application Server (CA) |
Operating System and Open Ports
FortiNAC-F series appliances use the FortiNAC-OS operating system. Limited TCP/UDP ports are open by default for security purposes. This was not the case for FortiNAC appliances using the CentOS operating system.
Hardware appliances only have TCP 22 (SSH) listening on Ethernet port1 by default. Opening additional ports requires the use of the "set allowaccess" command in the appliance CLI.
The configuration steps provided include opening ports for the applicable features and functions covered in this guide. As more features are configured, additional access must be enabled via the CLI. For details, see Open Ports in the FortiNAC Administration Guide.
The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.