Description
This article describes how to manually install and configure 'Persistent Agent', provided by the FortiNAC, on Windows OS.
Fortinet Documentation:
- Persistent Agent Settings-Administration Guide
- Persistent Agent deployment and configuration
- Installing ssl certificates - GUIDE
Scope
FortiNAC.
Solution
- Download the 'Persistent Agent' installer from the GUI:
System -> Settings -> Updates -> Agent Packages to the server or workstation running Windows OS by selecting the installation file that matches the Operating System in use:
- Run the setup file 'FortiNAC Persistent Agent.msi' in this example and follow the installation wizard.
- When the installation is finished the 'Persistent Agent' starts automatically, and it is possible to verify the status in the 'Services' view (select Start -> Run, type in 'services.msc' and select 'OK').
- To configure a destination server for the 'Persistent Agent', change settings in the registry (select Start -> Run, type in 'regedit' and navigate to :
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bradford Networks\Client Security Agent' --> For 32-bit operating systems.HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Bradford Networks\Persistent Agent --> For 64-bit operating systems.
- Change the 'ServerIP' value to the FortiNAC IP address or hostname.
- After changing the 'ServerIP' in the registry, restart the 'FortiNAC Persistent Agent Service' in the 'Services' view (see 3) by selecting 'FortiNAC Persistent Agent Service' and selecting Restart.
- Check the logs in 'C:\ProgramData\Bradford Networks\general.txt' where the progress of connecting 'Persistent Agent' to the previously configured FortiNAC is visible (see step 5).
The authorized application %ProgramFiles%\Bradford Networks\Persistent Agent\bndaemon.exe is enabled in the firewall.
2020-04-23 09:51:58 UTC :: ClientState = 1.
2020-04-23 09:51:58 UTC :: ClientStateEnabled = 1.
2020-04-23 09:51:58 UTC :: ServerIP = fnac.forti.lab.
2020-04-23 09:51:58 UTC :: Uninstall = /qn /x {65E4A3F0-A6B3-48DD-B8F8-C340ED03AF71}.
2020-04-23 09:51:58 UTC :: Version = 5.2.1.8.
2020-04-23 09:51:58 UTC :: ClientStateEnabled = 1.
2020-04-23 09:51:58 UTC :: ServerIP = fnac.forti.lab.
2020-04-23 09:51:58 UTC :: Uninstall = /qn /x {65E4A3F0-A6B3-48DD-B8F8-C340ED03AF71}.
2020-04-23 09:51:58 UTC :: Version = 5.2.1.8.
- The 'Persistent Agent' has successfully established a secure connection with a message.
2020-04-23 09:51:59 UTC :: Success converting RSA pubkeys to internal format!.
2020-04-23 09:51:59 UTC :: Detected Server Version: 8.6.3.1206.
2020-04-23 09:51:59 UTC :: constructFromBufer verb = Set Parameters.
2020-04-23 09:51:59 UTC :: handleReceivedPacket() -- received this packet.
Troubleshooting.
If there are any SSL certificate-related issues/errors reported in the general.txt, ensure that the signing CA certificate, which issues the 'Persistent Agent' certificate on FortiNAC, is added to the 'Trusted Root Certification Authorities' store on all of the client machines. If there are CA certificate hierarchies, such as the Root CA and Intermediate CAs, the whole CA certificate chain must be added to the FortiNAC as well as on all of the client machines in their respective stores.
- Root CA certificate and any Intermediate CA certificate along with the Persistent Agent certificate to be added in FortiNAC.
- Root CA certificate and any Intermediate CA certificate are to be added on all Windows computers in the 'Trusted Root Certification Authorities and Intermediate Certification Authorities' store.
Verify which certificate is used by FortiNAC under System -> Settings -> Security -> Certificate Management.
Related articles:
Technical Tip: Windows Persistent Agent logs
Technical Tip: Persistent Agent fails to communicate with 'SSL_get_verify_result' log entry.
