Description | This article talks about the prerequisites form Dissolvable Agent to automatically retrieve Server Address from FortiNAC instead of typing it manually. |
Scope | FortiNAC |
Solution |
To avoid entering Server Address manually, follow the below steps.
- First an individual needs to have a trusted SSL certificate for portal access.
-Second type > cat /var/named/chroot/etc/domain.zone.reg.
AgentConfig._networksentry._tcp SRV 0 0 443. <servername.domainname.com>. TXT path=/registration/agent/config <----- This is the path for DAgent to automatically download the config.
The second and third lines are the SRV record and indicate the FQDN of the server to which the agent will connect. The two zeros (0) in the example indicate priority and weight of this record. Priority is used when there are multiple servers to which the agent can connect, such as in a high availability environment.
443 is the port and should not be changed. In the example, the name of the server is servername.domainname.com. This must match the name in the valid certificate used to secure the portal.
Note that the period (.) at the end of servername.domainname.com. is required.
The TXT line contains the path.
The agent uses the information contained in these entries to construct a URL for the server to which it should connect.
Using the records shown above the Dissolvable Agent will automatically download the SRV record from the below link: https://servername.domainname.com:443/registration/agent/config
Useful link: |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.