Description
This article describes how FortiNAC-M manages server nodes (FortiNAC-CA) and explains the concept of Global Objects.
Scope
FortiNAC-M, FortiNAC-CA
Solution
Individual FortiNAC servers are added to the FortiNAC Control Manager to provide scaling in large environments and centralized management.
The FortiNAC Control Manager ensures the following:
The FortiNAC Control Manager does not have a network inventory view. This is because there are no port objects in its database.
The FortiNAC Control Manager holds a repository of:
These records are propagated to other FortiNAC servers through varying methods. See documentation for more information: https://docs.fortinet.com/document/fortinac/8.5.0/control-manager/674974/server-synchronization
Global Objects
Global objects are elements configured in the FortiNAC Control Manager.
These include:
Anything configured on a specific FortiNAC CA server is considered a Local Object and is controlled only on that server.
Each FortiNAC CA server that is added to a FortiNAC Control Manager will inherit the Global Objects configured on the manager. These Objects are tagged as "Global" in each server so the user is able to differentiate between them and Local Objects.
Notes:
- Device Profiling Rules can be ranked in the FortiNAC Control Manager.
- NAC policies can only be ranked on each FortiNAC CA server.
- Policies in each FortiNAC CA server can leverage Global Objects such as groups and user/host profiles.
Related documentation:
https://docs.fortinet.com/document/fortinac/8.5.0/control-manager/379834/fortinac-control-manager
Upgrade in Control Manager environments:
Upgrade guide:
https://docs.fortinet.com/document/fortinac/9.1.0/os-and-software-upgrade