FortiNAC deployment steps

Question

Hello FNAC admins,

After reading FNAC documents and some articles by the Fortinet staff, I've concluded that these are the steps to follow to configure FortiNAC, please correct me if I missed something or If the order is wrong.

1- Config the interfaces (port 1 and port2 and they shouldnt be on the same subnet)

2- Config wizard, config layer 3 isolation (its recommended to have one that regroups all devices)

3- Config VLAN interfaces on fortigate

4- Config MAC notif traps on Fortiswitch and disable linkup linkdown if its enabled

5- Config DHCP relay on fortigate (which is Fortinac's IP add)

6- Add the network devices to the inventory (fortigate and switches)

7- L2 or L3 polling to get the needed informations

8- Config LDAP with FNAC

9- Config persistant agent on endpoints

10- Create user/host profiles

11- Create a network access policy

Any help would be much appreciated to make these steps even more detailed and correct

BR,

AEK · Answer

Hi BHThe main points are correct.However The devil is in the details. Many small details may not have been mentioned in the documentation and you need to rely on your experience and you sense of troubleshooting.Be assured that FNAC is not easy neither simple. For my first FNAC experience it was one of the hardest and most complicated integrations ever.Count on our support in case you have any issue with any step then you can post in this forum and we'll do our best to help.If this integration is prod then avoid using 7.6.x and 7.4.x for now. Try use 7.2.9 as it is the most stable so far.For your managed FSW you should refer to this doc.https://docs.fortinet.com/document/fortinac-f/7.6.0/fortiswitch-fortilink-integration/365563/overviewHope it helps.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded