Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Hatibi
Staff & Editor
Staff & Editor

Created on ‎11-04-2022 05:41 AM Edited on ‎06-18-2025 04:21 AM By Moderator

Article Id 228916

Technical Tip: FortiNAC Control Manager function and Global objects

Description

 

This article describes how FortiNAC-M manages server nodes (FortiNAC-CA) and explains the concept of Global Objects.

 

Scope

 

FortiNAC-M, FortiNAC-CA.

 

Solution

 

FortiNAC Control Manager is used to add individual FortiNAC servers to provide scaling in large environments and centralized management.

 

The FortiNAC Control Manager ensures the following:

  • All Servers (Pods) are on the same version. (Different versions are not supported.)
  • Upgrades are performed from the Manager and pushed to all servers.
  • Licenses are pushed dynamically from the Manager to all servers.
  • Administration is simplified even in large environments.
  • Servers can be accessed in Dashboard, synchronized, added or deleted. Adding or removing servers will not impact their operation. Both instances of a High Availability (HA) server can be automatically added in the FortiNAC Control Manager by adding only the Shared IP.

 

dashboard.PNG

The FortiNAC Control Manager does not have a network inventory view. This is because there are no port objects in its database.

 

The FortiNAC Control Manager holds a repository of:

  • Accounts.
  • Hosts.
  • Adapters.

These records are propagated to other FortiNAC servers through varying methods. See the documentation for more information.

 

NCM Server Synchronization.PNG

Global Objects.

 

Global objects are elements configured in the FortiNAC Control Manager.

 

These include:

  • Device profiling rules.
  • Policies (NAC, EPC, etc).
  • Guest/Contractor Templates.
  • Groups.

Everything configured on a specific FortiNAC CA server is controlled only on that server, which is considered a Local Object.

Each FortiNAC CA server that is added to a FortiNAC Control Manager will inherit the Global Objects configured on the manager. These Objects are tagged as 'Global' in each server so the user is able to differentiate between them and Local Objects.

 

Notes:

 

  • Device Profiling Rules can be ranked in the FortiNAC Control Manager.
  • NAC policies can only be ranked on each FortiNAC CA server.
  • Policies in each FortiNAC CA server can leverage Global Objects such as groups and user/host profiles.

 

Related documentation:

Network control manager - FortiNAC 9.4.0.

 

CentOS to FortiNAC-OS VM Migration: 

FortiNAC Manager Environments - FortiNAC 9.4.0.

 

Upgrade guide:

OS and Software Upgrade - FortiNAC 9.4.0.

 

Other related articles:

1004
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.