amineelm
New Member
September 23, 2025
Question

FortiNAC-F endpoint compliance

  • September 23, 2025
  • 3 replies
  • 1077 views

Hello everybody,

I'm new to FortiNAC-F and currently using the latest version (7.6.4). I would like to implement the following endpoint compliance policies with FortiNAC, but since I’m still learning, I’m seeking your help.

My goal is to configure the system so that any endpoint without an enabled antivirus, without an updated OS, or with medium to critical vulnerabilities is denied access to the network and redirected to quarantine.

Do you have any ideas on how I can proceed, or any tips? Thank you so much in advance!

3 replies

AEK
SuperUser
September 23, 2025

Hi Amine

It is under menu Policy & Objects > Endpoint Compliance.

First you need to install the persistent agent on your clients.

Then you can start here:

https://docs.fortinet.com/document/fortinac-f/7.6.0/administration-guide/156414/endpoint-compliance

Hope it helps.

AEK
amineelm (Author)
New Member
September 23, 2025

Hello, 

Thank you so much for your reply. Actually, on the link you provided I found some of what I was looking for, but what I still can't find is where FortiNAC-F can detect endpoints that are vulnerable (high and critical vulnerabilities), and whether the persistent agent can detect that.

AEK
SuperUser
September 23, 2025

I've never seen that on FortiNAC(-F). Vulnerability management can be done by FortiClient, which is an endpoint protection agent. And I know that the FortiClient EMS solution can be integrated with FortiNAC.


You may start here:

https://docs.fortinet.com/document/fortinac-f/7.6.0/forticlient-ems-integration/782543/what-it-does#_Toc196925199


And for the integration you can check this tech tip (by Emirjon).

https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Integration-between-FortiClient-EMS-and-FortiNAC/ta-p/290350


Hope it helps.

AEK
amineelm (Author)
New Member
September 29, 2025

Hello,

Thank you very much for your reply. Your guidance was extremely helpful — I followed the instructions you provided regarding FortiNAC/EMS integration, and everything went smoothly.

However, when I test the connectivity, I receive the following error message: "Failure: Failed to read Fortinet EMS device: authentication failed."

I have verified the network connectivity, and FortiNAC is able to ping the EMS. The credentials I provided to FortiNAC are correct, but I’m still unable to determine the source of the issue.

Could you please advise on possible causes or next steps?

Thank you for your help.

ebilcari
Staff
September 29, 2025

Does the EMS have a valid SSL certificate that is trusted by FNAC?

There are some troubleshooting and debugs shown in the previously shared article.

Emirjon
amineelm (Author)
New Member
September 29, 2025

The EMS was an OVA I downloaded from Fortinet; it comes with a self-signed certificate.

ebilcari
Staff
September 30, 2025

Do you have a private CA in your environment? Do you plan to sign a certificate for EMS?

As far as I know, FNAC by default will not make API calls to insecure services.

Emirjon
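The point raised in the last two replies (the EMS OVA ships with a self-signed certificate, and FNAC will not call a service it cannot validate) can be checked with nothing but openssl before touching either appliance. The script below is an added example and is not code from the thread, from Fortinet, or from FortiNAC; it generates a self-signed "EMS" certificate, then a private lab CA and a CA-issued EMS certificate, and runs the same chain and hostname validation a TLS client performs against each. The hostname ems.example.local, the lab CA name and the assumption that FortiNAC validates like a standard TLS client are assumptions for illustration only. The `probe_live_ems` function shows the equivalent check against a real EMS and is not executed here because it needs network access.

```shell
#!/bin/sh
# Added example, not from the thread: reproduce with plain openssl why a
# self-signed EMS certificate is rejected by a client that validates the
# chain, and what signing it with a private CA (as suggested above) changes.
# Assumptions: the EMS hostname ems.example.local, the CA name, and the idea
# that FortiNAC behaves like a standard TLS client here are illustrative.
set -e

EMS_HOST="ems.example.local"
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal req configs so the run does not depend on the system openssl.cnf.
cat >"$WORK/ca.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = ca_ext
[ dn ]
CN = Lab Private CA
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF

cat >"$WORK/ems.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = server_ext
[ dn ]
CN = $EMS_HOST
[ server_ext ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$EMS_HOST
EOF

# 1. What the downloaded OVA ships with: a self-signed server certificate.
make_self_signed() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -config "$WORK/ems.cnf" \
    -keyout "$WORK/ems-selfsigned.key" -out "$WORK/ems-selfsigned.crt" 2>/dev/null
}

# 2. The fix: a private CA, and an EMS server certificate issued by it.
make_ca_signed() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 3650 -config "$WORK/ca.cnf" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ems.cnf" \
    -keyout "$WORK/ems.key" -out "$WORK/ems.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/ems.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -extfile "$WORK/ems.cnf" -extensions server_ext \
    -out "$WORK/ems.crt" 2>/dev/null
}

# verify_chain CERT TRUST_FILE -> prints "trusted" or "untrusted".
# TRUST_FILE plays the role of the client's trust store (what you would import
# into FNAC); the hostname check is included because a TLS client does it too.
verify_chain() {
  out=$(openssl verify -CAfile "$2" -verify_hostname "$EMS_HOST" "$1" 2>&1) || true
  case "$out" in
    *": OK"*) echo trusted ;;
    *)        echo untrusted ;;
  esac
}

# The same check against a live EMS (not run here: needs network).
# probe_live_ems HOST TRUST_FILE; a non-zero exit means a client holding only
# TRUST_FILE would refuse the TLS connection.
probe_live_ems() {
  openssl s_client -connect "$1:443" -servername "$1" -CAfile "$2" \
    -verify_return_error </dev/null >/dev/null
}

make_self_signed
make_ca_signed

echo "self-signed EMS cert, client trusts only the lab CA: $(verify_chain "$WORK/ems-selfsigned.crt" "$WORK/ca.crt")"
echo "CA-signed EMS cert, client trusts the lab CA:        $(verify_chain "$WORK/ems.crt" "$WORK/ca.crt")"
echo "CA-signed EMS cert, client lacks the lab CA:         $(verify_chain "$WORK/ems.crt" "$WORK/ems-selfsigned.crt")"
```

The third case is the one that still bites after re-issuing the EMS certificate: signing EMS with a private CA is only half the change, the CA certificate also has to be present in the trust store of the client making the API calls, otherwise the result is the same "untrusted" as with the original self-signed certificate.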