Technical Note: Use of host name fields for Persistent Agent security management
Description
When navigating to System > Settings > Security Management - Persistent Agent in the Administration UI, there is a field called Primary Host Name (Secondary Host Name as well in High Availability configurations). By default, these fields are blank.
When populated with the Fully Qualified Host Name of the Application Server or Server, the name of the server is pushed out to connecting host(s) and updates the ServerIP Persistent Agent setting on those host(s). This is to ensure that the Persistent Agent is communicating with the correct host in a distributed environment. In a High Availability environment, the name pushed would be the currently active server.
The ServerIP setting was used in 2.x and lower versions of the Persistent Agent. 3.x and higher use the HomeServer and AllowedServer settings. In certain situations, however, inconsistent agent communication could still occur if the names in the Host Name fields are not correct.
When populated with the Fully Qualified Host Name of the Application Server or Server, the name of the server is pushed out to connecting host(s) and updates the ServerIP Persistent Agent setting on those host(s). This is to ensure that the Persistent Agent is communicating with the correct host in a distributed environment. In a High Availability environment, the name pushed would be the currently active server.
The ServerIP setting was used in 2.x and lower versions of the Persistent Agent. 3.x and higher use the HomeServer and AllowedServer settings. In certain situations, however, inconsistent agent communication could still occur if the names in the Host Name fields are not correct.
Scope
Version: 8.x
SolutionThe Host Name fields in this screen should remain blank when using Persistent Agent versions 3.x and higher. Either DNS SRV records or software management should be used to distribute the server names to the Persistent Agents.For information on Persistent Agent distribution and configuration, see Reference Manual Persistent Agent Deployment and Configuration in the Fortinet Document Library.