Description
This article describes how to manually install and configure the 'Persistent Agent', provided by FortiNAC, on Windows OS.
Related document:
Persistent Agent Settings-Administration Guide
Persistent Agent deployment and configuration
Installing ssl certificates - GUIDE
Scope
FortiNAC.
Solution
- Download the 'Persistent Agent' installer from the GUI under System -> Settings -> Updates -> Agent Packages to the server or workstation running Windows OS, selecting the installation file that matches the Operating System in use.
- Run the setup file ('FortiNAC Persistent Agent.msi' in this example) and follow the installation wizard.
- When the installation is finished, the 'Persistent Agent' starts automatically, and it is possible to verify the status in the 'Services' view (select Start -> Run, type in 'services.msc' and select 'OK').
- To configure a destination server for the 'Persistent Agent', change settings in the registry (select Start -> Run, type in 'regedit') and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bradford Networks\Client Security Agent --> For 32-bit operating systems.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Policies\Bradford Networks\Persistent Agent --> For 64-bit operating systems.
- Change the 'ServerIP' value to the FortiNAC IP address or hostname.
- After changing the 'ServerIP' in the registry, restart the 'FortiNAC Persistent Agent Service' in the 'Services' view (see step 3) by selecting 'FortiNAC Persistent Agent Service' and selecting Restart.
- Check the logs in 'C:\ProgramData\Bradford Networks\general.txt', where the progress of connecting 'Persistent Agent' to the previously configured FortiNAC is visible (see step 5).
The authorized application %ProgramFiles%\Bradford Networks\Persistent Agent\bndaemon.exe is enabled in the firewall.
2020-04-23 09:51:58 UTC :: ClientState = 1.
2020-04-23 09:51:58 UTC :: ClientStateEnabled = 1.
2020-04-23 09:51:58 UTC :: ServerIP = fnac.forti.lab.
2020-04-23 09:51:58 UTC :: Uninstall = /qn /x {65E4A3F0-A6B3-48DD-B8F8-C340ED03AF71}.
2020-04-23 09:51:58 UTC :: Version = 5.2.1.8.
- When the 'Persistent Agent' has successfully established a secure connection, the log shows messages such as the following:
2020-04-23 09:51:59 UTC :: Success converting RSA pubkeys to internal format!.
2020-04-23 09:51:59 UTC :: Detected Server Version: 8.6.3.1206.
2020-04-23 09:51:59 UTC :: constructFromBufer verb = Set Parameters.
2020-04-23 09:51:59 UTC :: handleReceivedPacket() -- received this packet.
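The registry change, service restart and log check described above can also be scripted. The following PowerShell is an added example, not Fortinet tooling or part of the original article. It assumes an elevated prompt, uses the sample hostname from the log excerpt, matches the service by the display name shown in the 'Services' view, waits an arbitrary 15 seconds, and treats the 'Detected Server Version' line as the success marker:

```powershell
# Added example (not Fortinet tooling). Run from an elevated PowerShell prompt.
param([string]$Server = 'fnac.forti.lab')   # sample hostname from the log excerpt
$ErrorActionPreference = 'Stop'

# Registry keys exactly as listed in this article; use the first one present.
$candidates = @(
    'HKLM:\SOFTWARE\WOW6432Node\Policies\Bradford Networks\Persistent Agent',
    'HKLM:\SOFTWARE\WOW6432Node\Bradford Networks\Client Security Agent'
)
$key = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $key) { throw 'Persistent Agent registry key not found. Is the agent installed?' }

# Point the agent at the FortiNAC IP address or hostname.
Set-ItemProperty -LiteralPath $key -Name 'ServerIP' -Value $Server
Write-Host "ServerIP = '$Server' written to $key"

# Restart the service. Matching on the display name is an assumption based on
# the name shown in the 'Services' view.
$svc = Get-Service -DisplayName 'FortiNAC Persistent Agent*' | Select-Object -First 1
if (-not $svc) { throw 'FortiNAC Persistent Agent service not found.' }
$since = [datetime]::UtcNow.AddSeconds(-1)   # log timestamps have 1 s resolution
Restart-Service -InputObject $svc
Start-Sleep -Seconds 15                      # arbitrary wait for the reconnect

# Keep only general.txt lines written since the restart (timestamps are UTC).
$log = 'C:\ProgramData\Bradford Networks\general.txt'
$new = @(Get-Content -LiteralPath $log -Tail 500 | Where-Object {
    $_ -match '^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC :: ' -and
    [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss',
        [cultureinfo]::InvariantCulture) -ge $since
})
$new | ForEach-Object { Write-Host $_ }

# The agent echoes its settings on start; confirm it picked up the new value.
if (-not ($new -match [regex]::Escape("ServerIP = $Server"))) {
    Write-Warning "Agent did not log 'ServerIP = $Server' after the restart."
}
# Success marker (assumption): the server version line from the excerpt above.
if ($new -match 'Detected Server Version') {
    Write-Host 'Agent reached FortiNAC and reported a server version.'
} else {
    Write-Warning 'No "Detected Server Version" line yet; check general.txt for SSL errors.'
    exit 1
}
```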
Troubleshooting
If there are any SSL certificate-related issues/errors reported in the general.txt, ensure that the signing CA certificate, which issues the 'Persistent Agent' certificate on FortiNAC, is added to the 'Trusted Root Certification Authorities' store on all of the client machines. If there are CA certificate hierarchies, such as the Root CA and Intermediate CAs, the whole CA certificate chain must be added to the FortiNAC as well as on all of the client machines in their respective stores.
- The Root CA certificate and any Intermediate CA certificate, along with the Persistent Agent certificate, are to be added in FortiNAC.
- The Root CA certificate and any Intermediate CA certificate are to be added on all Windows computers in the 'Trusted Root Certification Authorities' and 'Intermediate Certification Authorities' stores.
To import the Root and Intermediate certificates to the workstation/endpoint, follow the steps below:
- Open Windows 'RUN' -> Enter 'mmc' -> go to File -> Add/Remove Snap-in: Certificates -> Add -> Computer account -> Ok.
- Select 'Trusted Root Certification Authorities' -> Right-click -> 'All Tasks' -> Import the Root certificate.
- Restart the FortiNAC Persistent Agent service and check.
Verify which certificate is used by FortiNAC under System -> Settings -> Security -> Certificate Management.
Related articles:
Technical Tip: Windows Persistent Agent logs
Technical Tip: Persistent Agent fails to communicate with 'SSL_get_verify_result' log entry
Technical Tip: Agent DNS records (SRV) and checks on Microsoft environment
Technical Tip: How to enable TLS 1.3 for Persistent Agent in FortiNAC
Technical Tip: A simple network example of deploying Persistent Agent in FortiNAC
Technical Tip: Update Persistent agent through FortiNAC
Troubleshooting Tip: Agent installation through Group Policy
Technical Tip: Editing Persistent Agent MSI via Orca