Technical Tip: Add FortiNAC via Security Fabric
Description
This article describes how to add FortiNAC via Security Fabric.
Scope
A FortiNAC can be added to the Security Fabric on the root FortiGate.
After the unit has been added and authorized, it is possible to log in to the FortiNAC from the FortiGate topology views.
Adding a FortiNAC to the Security Fabric requires a FortiNAC with a license issued in the year 2020 that includes an additional certificate.
The unit cannot be added if it has an older license.
Use the license tool in the FortiNAC CLI to determine if the license includes the additional certificate.
Solution
To add a FortiNAC to the Security Fabric.
1) On the FortiNAC, configure telemetry and input the IP address of the root FortiGate.
2) On the root FortiGate, authorize the FortiNAC.
3) Verify the connection status in the topology views.
To configure the FortiNAC.
1) Go to System -> Settings, and in the Folder View select 'Security Fabric Connection'.
2) Add a new entry with the root FortiGate unit's IP address. The default port is 8013.





To authorize the FortiNAC on the root FortiGate from GUI.
1) Go to Security Fabric > Fabric Connectors.
2) The FortiNAC will be highlighted in the topology list in the right panel with the status 'Waiting for Authorization'.
3) Select the highlighted FortiNAC and select 'Authorize'.

Optionally, it is also possible to deny authorization to the FortiNAC to remove it from the list.
To authorize the FortiNAC on the root FortiGate from CLI.
# config system csf
    # config trusted-list
        edit "FNVMCATM20-----6"
            set action accept
        next
    end
end
To verify the connection status.
1) After the FortiNAC is authorized, go to Security Fabric -> Physical Topology and confirm that it is included in the topology.

2) Go to Security Fabric -> Logical Topology and confirm that the FortiNAC is also displayed there.

3) Run the following command from CLI to view information about the FortiNAC unit's status:
# diagnose sys csf downstream-devices fortinac
{
"path":"FG5H1E5818-----6:FNVMCATM20-----6",
"mgmt_ip_str":"10.1.100.197",
"mgmt_port":0,
"admin_port":8443,
"serial":"FNVMCATM20-----6",
"host_name":"adnac",
"device_type":"fortinac",
"upstream_intf":"port2",
"upstream_serial":"FG5H1E5818-----6",
"is_discovered":true,
"authorizer":"FG5H1E5818-----6",
"idx":1
}
To log in to the FortiNAC from the FortiGate.
1) On the FortiGate, go to Security Fabric -> Physical Topology or Security Fabric -> Logical Topology.
2) Select the FortiNAC and select 'Login to <serial_number>'.
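
The status check in the verification steps above can be scripted so that a saved copy of the 'diagnose sys csf downstream-devices fortinac' output is compared against the serial numbers entered in the trusted-list. The following is an added example, not Fortinet code. The function names are hypothetical, the sample is an abridged copy of the output shown in this article, and the meaning of each field (for example that 'authorizer' holds the serial of the unit that authorized the device) is assumed from the field names.

```python
import json

# Constructed sample: abridged copy of the output shown in this article,
# with the masked serial numbers kept exactly as they appear on the page.
SAMPLE_OUTPUT = '''# diagnose sys csf downstream-devices fortinac
{"path":"FG5H1E5818-----6:FNVMCATM20-----6","mgmt_ip_str":"10.1.100.197",
 "admin_port":8443,"serial":"FNVMCATM20-----6","device_type":"fortinac",
 "upstream_serial":"FG5H1E5818-----6","is_discovered":true,
 "authorizer":"FG5H1E5818-----6"}
'''


def parse_devices(text):
    """Return every JSON object in the saved CLI output, skipping the command echo."""
    decoder = json.JSONDecoder()
    devices, pos = [], text.find("{")
    while pos != -1:
        obj, end = decoder.raw_decode(text, pos)  # tolerates several objects in a row
        devices.append(obj)
        pos = text.find("{", end)
    return devices


def audit_device(dev, root_serial, trusted_serials):
    """Return a list of findings; an empty list means the entry is as expected."""
    findings = []
    serial = dev.get("serial", "")
    if dev.get("device_type") != "fortinac":
        findings.append("unexpected device_type")
    if serial not in trusted_serials:
        findings.append(f"{serial} is not in the expected trusted-list")
    # Assumption: 'authorizer' is the serial of the unit that accepted the device.
    if dev.get("authorizer") != root_serial:
        findings.append("authorized by a unit other than the root FortiGate")
    if dev.get("path") != f"{dev.get('upstream_serial')}:{serial}":
        findings.append("path does not match upstream_serial:serial")
    if not dev.get("is_discovered"):
        findings.append("device is not discovered")
    return findings


if __name__ == "__main__":
    for dev in parse_devices(SAMPLE_OUTPUT):
        issues = audit_device(dev, "FG5H1E5818-----6", {"FNVMCATM20-----6"})
        print(dev["serial"], "OK" if not issues else issues)
```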
