Description | This article shows the steps for FortiNAC to retrieve FortiGate address ranges. |
Scope | Prerequisites: 1) FortiGate version 6.4 and above. 2) FortiAnalyzer. 3) FortiNAC running version 9.2.x and above. |
Solution |
Note that addresses are only read from FortiGates that have Fabric Connectors configured for FortiNAC. If no such Fabric Connectors exist, no addresses will be read and created.
This is only done once for each FortiGate, so once the addresses are created for a FortiGate, later changes on that FortiGate do not affect the existing address objects.
Prerequisites:
1) In the FortiNAC Administration UI, navigate to Network > Service Connectors.
2) Select 'Create New'.
3) Select 'Security Fabric Connection'.
4) Enter the following values and save:
   IP: Root FortiGate IP address
   Port: 8013

1) Authorize FortiNAC on the root FortiGate.
2) Verify connection status.
3) Log in to the FortiNAC Administration UI from the FortiGate.
To authorize the FortiNAC on the root FortiGate GUI:
1) Enable 'Security Fabric Connection' under the FortiGate interface that will participate in the Fabric config.
2) Go to Security Fabric -> Fabric Connectors.
3) The FortiNAC will be highlighted in the topology list in the right panel with the status 'Waiting for Authorization'.
4) Select the highlighted FortiNAC and select Authorize.

On FortiNAC, the Fabric Connection should show Connected (to check this, edit the Service Connector and view the status inside it).
Now on FortiNAC go to Addresses:
1) Select System -> Settings.
2) Expand the System Communication folder.
3) Select Addresses from the tree.

The SSL-VPN address scope used as Source IP Pools in the SSL-VPN portals is populated in FortiNAC.
If the address ranges that FortiNAC retrieved after the initial Fabric Connector configuration are deleted, FortiNAC will not retrieve those addresses again, and the only way to add them back is to enter them manually. |