FortiGate
Markus_M
Staff
Article Id 194940

Description


This article describes how to configure FortiNAC and FortiGate so that FortiNAC polls the firewall sessions from the FortiGate.

Related link:

https://docs.fortinet.com/document/fortinac/8.6.0/administration-guide/473911/firewall-session-polli...


Scope


- SSH needs to be enabled on the FortiGate.
- User with full permissions (super_admin) on FortiGate.
- At least SNMPv1 needs to be enabled and configured on FortiGate.
- Firewall Polling needs to be enabled on FortiNAC.

Solution


1) Enable and configure the SNMP Agent on the FortiGate.

 
2) Create a new Community for FortiNAC by selecting '+ Create New' and configure the following.
 

 
 
- Specify the Community Name.
- Enter the FortiNAC IP address in the 'IP Address' field.

3) Add the FortiGate to FortiNAC in 'Network Devices' under 'Topology'.
 
 
 
4) Make sure SSH credentials and SNMP are validated and confirmed.
 
 
 
5) Select the FortiGate and select 'Set Firewall Session Polling'.
 
 
 
 
6) Make sure 'Enabled' is selected, enter the 'Frequency' interval and select OK to save. Manually poll the unit by selecting 'Poll now'.
 
 
7) After a couple of minutes, the sessions are visible under Hosts -> FortiGate Sessions.
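
The FortiGate-side prerequisites from the Scope list and steps 1 and 2 can also be applied from the FortiGate CLI. This is an added example, not part of the original article; the community name 'fortinac-poll', the FortiNAC address 192.0.2.10 and the interface name 'port1' are placeholder assumptions to replace with the real values.

```fortios
# Added example (not from the original article); all names and addresses are placeholders.

# Step 1: enable the SNMP agent.
config system snmp sysinfo
    set status enable
end

# Step 2: create a community for FortiNAC.
# The host entry uses a /32 mask so that only the FortiNAC address
# (assumed here to be 192.0.2.10) is allowed to query this community.
config system snmp community
    edit 1
        set name "fortinac-poll"
        config hosts
            edit 1
                set ip 192.0.2.10 255.255.255.255
            next
        end
        set query-v1-status enable
    next
end

# Scope: SSH and SNMP must be reachable on the interface FortiNAC connects to
# (assumed here to be port1). 'append' keeps the existing allowaccess entries.
config system interface
    edit "port1"
        append allowaccess ssh snmp
    next
end
```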
 
 
Troubleshooting
 
1) If no sessions are listed when 'FortiGate Sessions' is opened, refresh the list with the refresh button in the top right corner.
 

 
2) Verify if the FortiGate is being polled properly.
 


Note:

FortiNAC reads the IPv4 Firewall sessions. It reads /api/v2/monitor/firewall/session from the FortiOS REST API.