Technical Tip: How to add or modify CLI credentials in bulk on several network devices added to the FortiNAC inventory

Regularly updating CLI credentials across all devices within the FortiNAC inventory is an essential security and operational practice. These credentials are used by FortiNAC to authenticate, manage, and communicate securely with network devices such as switches, routers, and wireless controllers.

Alternatively, it might be required to update the network devices' CLI credentials. In this case, FortiNAC needs to be updated with the latest credentials for the devices in the inventory to continue performing its tasks.

Reasons for the update:

• Potential Compromise of Credentials:
  In cases where there is a suspicion or confirmation that the CLI credentials have been compromised, immediate updates are essential to restore the security and integrity of network device communication. Prompt action prevents unauthorized access and mitigates the risk of malicious activity within the managed network.
• Enhancement of Security Posture:
  Periodic credentials updates minimize the risk of unauthorized access resulting from compromised or outdated authentication data. Over time, credentials may be exposed through configuration backups, personnel changes, or external security breaches. Updating them ensures that only authorized entities retain access to network devices.
• Compliance with Security Policies and Standards:
  Many organizations are required to adhere to internal IT governance frameworks or external compliance standards (such as ISO 27001, PCI-DSS, or NIST). These frameworks mandate the regular rotation of administrative credentials and encryption keys to maintain a secure operational environment.
• Preservation of Secure Communication:
  CLI credentials are used to securely communicate with the network devices. Updating these credentials ensures continued integrity and confidentiality of authentication data, preventing potential interception or replay attacks.
• Operational Consistency and Automation:
  Performing simultaneous updates across the device inventory ensures configuration consistency, reduces administrative errors, and streamlines future maintenance tasks. It allows FortiNAC to continue managing all devices without authentication failures or connectivity interruptions.

Procedure for Updating CLI Credentials in FortiNAC via GUI:

To update the CLI credentials for multiple network devices in bulk:

1. Access the FortiNAC web console and navigate to Network → Inventory → Container.
2. From the list on the right-hand side, select all devices or multiple devices by using CTRL and the left button of the mouse for which the CLI credentials need to be modified.
3. Right-click on the selected devices and choose 'Modify Device Properties'.
4. In the CLI Settings section, enter the new CLI credentials.
   Once saved, the updated credentials will be applied to all selected devices simultaneously.

Procedure for Updating CLI Credentials in FortiNAC via CLI (NAC-OS only):

The same bulk modification of CLI credentials on network devices added to the FortiNAC-F inventory can also be performed from the CLI.

Notes:

• Be cautious when changing passwords on multiple devices, as one wrong syntax or step will result in the disconnection of all the selected devices from FortiNAC.
• Moreover, this process is only applicable to FortiNAC-OS and will not work on the CentOS version of FortiNAC.

Log in to the FortiNAC CLI.

For details, see the CLI Reference Manual guide of FortiNAC v7.4.0+.