FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
cmaheu
Staff
Article Id 379139

 

Description

This article discusses a change in FortiNAC agent communication in Agent vF 7.6.0: TLSv1.2 has been disabled, and the agent now requires TLSv1.3.

 

Note: 

FortiNAC CentOS systems (FNC-CA) do not support Dissolvable and Passive Agent vF 7.6.0 and above.

 

TLSv1.3 is not supported for the Portal on FortiNAC CentOS systems due to limitations in CentOS 7. Dissolvable and Passive agents interact with the FortiNAC Portal and are affected by this limitation.

 

Persistent Agents using vF 7.6 are supported on FortiNAC systems running either CentOS (FNC-CA) or FortiNAC-OS (FNC-CAX).

Scope

Agent vF 7.6.0+.

Solution

Verify that TLSv1.3 is enabled in FortiNAC before the upgrade. This will avoid communication disruption between FortiNAC and the agents.

 

  1. Navigate to System -> Settings -> Persistent Agent -> Transport Configurations
  2. Under TLS Service Configurations, verify the following:

 

Persistent Agents:

 

Certificate Alias: agent 

TLS Protocols: TLSv1.3  

 

  

Dissolvable and Passive Agents (FortiNAC-OS systems only):

 

Certificate Alias: portal 

TLS Protocols: TLSv1.3  

 

For more details, see the Transport configurations in the FortiNAC Administration Guide and the Agent release notes.
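
The following is an added example, not code from Fortinet or from the original article: a network-side check that a FortiNAC listener completes a TLSv1.3 handshake, which complements the GUI verification above before Agent vF 7.6.0 is deployed. The host and port are supplied on the command line for your deployment (the article does not state them), and the function names `probe`, `assess` and `check` are hypothetical.

```python
import socket
import ssl
import sys

def probe(host, port, version, timeout=5.0):
    """True: handshake pinned to `version` completed. False: TCP connected but
    the handshake failed. None: the port could not be reached at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Protocol-support probe only: no data is sent and the peer is not trusted,
    # so certificate validation is skipped here. Do not reuse for real traffic.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version  # pin both bounds so only this
    ctx.maximum_version = version  # protocol version can be negotiated
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return True
    except (ssl.SSLError, OSError):
        return False
    finally:
        sock.close()

def assess(tls13, tls12):
    """Turn the two probe results into an upgrade-readiness verdict."""
    if tls13 is None:
        return "unreachable: check host, port and firewall rules"
    if not tls13:
        return "not ready: enable TLSv1.3 in the TLS Service Configuration first"
    if tls12:
        return "ready: TLSv1.3 accepted (TLSv1.2 is also still accepted)"
    return "ready: TLSv1.3 accepted"

def check(host, port, timeout=5.0):
    tls13 = probe(host, port, ssl.TLSVersion.TLSv1_3, timeout)
    tls12 = probe(host, port, ssl.TLSVersion.TLSv1_2, timeout)
    return assess(tls13, tls12)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(check(sys.argv[1], int(sys.argv[2])))
    else:
        print("usage: tls13_check.py <fortinac-host> <port>")
```

Run it once against the Persistent Agent listener and, on FortiNAC-OS systems, once against the Portal listener.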