This article describes how to resolve cases where a new device has the Persistent Agent (PA) installed and fully configured, but the PA still cannot connect to FortiNAC (typically newly purchased devices, dongles, or VMs).
FortiNAC, PA, MAC, OUI.
The most useful information comes from the FortiNAC debug logs, enabled as follows:
nacdebug -name PersistentAgent true
logs
tf output.nessus
Partial output of the Nessus logs:
yams.PersistentAgent FINER :: 2023-02-03 17:25:16:881 :: #41 :: Invalid OUI: 00:76:6F:6C:23:01
yams.PersistentAgent FINER :: 2023-02-03 17:25:16:881 :: #41 :: validateHost() called with empty agentMacs, returning empty
yams.PersistentAgent FINER :: 2023-02-03 17:25:16:881 :: #41 :: PersistentAgent.parseMachine() - invoking verifyClients
yams.PersistentAgent FINER :: 2023-02-03 17:25:16:882 :: #41 :: verifyClients 10.1.3.11 is not a remote IP
Check that specific OUI from FortiNAC CLI:
validmac -mac '00:76:6F:6C:23:01'
00:76:7F:6C:23:01 Invalid
Solution 1: Update FortiNAC, the OUI database should be populated with the latest Vendor OUIs.
Solution 2: Manually create an OUI:
In the Administration GUI, navigate to System -> Settings -> Identification -> Vendor OUIs.
In the Vendor OUI field, enter the first 3 octets of the device's Physical Address in hexadecimal format (for example, 00:76:6F). Enter a Vendor Name and Vendor Alias, then click OK.
Check from CLI if the MAC address is now identified:
validmac -mac '00:76:6F:6C:23:01'
VendorCode:
Vendor OUI = 00:76:6F
Vendor Name = Lab
Vendor Alias = Lab
Description =
Role = NAC-Default
Registration Type = null(0)
User Registration Type = null(9999)
The logs now show that the PA starts communicating:
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: getRemoteUser(10.1.3.11 ) = null
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() chose iface 00:76:6F:6C:23:01 10.1.3.11 as primary
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() selected host based on num adapters == 1 and not rogue, hostID: 24
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() hostAds = [00:76:6F:6C:23:01]
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() myAds = [00:76:6F:6C:23:01]
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() hostOS = Windows XP/2000 (RFC1323+, w+, tstamp-) [GENERIC] agentOS = Windows 10 Pro 6.3 21H2 10.0.19044.2364
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() selected host based on myAds and hostAds. Exiting loop, hostID: 24
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() found a host: 24
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:579 :: #43 :: validateHost() returning [ MAC : 00:76:6F:6C:23:01
The Administration GUI now shows the PA as connected.
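As an added triage helper (not part of the original article or of FortiNAC), the script below parses PersistentAgent debug lines in the format shown above, collects every MAC rejected with "Invalid OUI", and reports the three-octet OUI that must be present in Vendor OUIs; the log sample and the vendor table are constructed for illustration.

```python
import re
from collections import OrderedDict

# Constructed sample in the same format as the PersistentAgent debug log above.
SAMPLE_LOG = """\
yams.PersistentAgent FINER :: 2023-02-03 17:25:16:881 :: #41 :: Invalid OUI: 00:76:6F:6C:23:01
yams.PersistentAgent FINER :: 2023-02-03 17:25:16:881 :: #41 :: validateHost() called with empty agentMacs, returning empty
yams.PersistentAgent FINER :: 2023-02-03 17:29:16:578 :: #43 :: validateHost() chose iface 00:76:6F:6C:23:01 10.1.3.11 as primary
"""

# Constructed local copy of the Vendor OUI table (hypothetical; FortiNAC keeps its own).
VENDOR_OUIS = {"00:76:6F": "Lab"}

INVALID_OUI_RE = re.compile(r"Invalid OUI:\s*([0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})")


def oui_of(mac):
    """Return the normalised first three octets (XX:XX:XX) of a MAC, or None if malformed."""
    octets = re.split(r"[:\-]", mac.strip())
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", o) for o in octets):
        return None
    return ":".join(o.upper() for o in octets[:3])


def invalid_oui_macs(log_text):
    """Collect MACs FortiNAC rejected with 'Invalid OUI', first-seen order, no duplicates."""
    seen = OrderedDict()
    for line in log_text.splitlines():
        m = INVALID_OUI_RE.search(line)
        if m:
            seen.setdefault(m.group(1).upper(), None)
    return list(seen)


def triage(log_text, vendor_ouis):
    """Map each rejected MAC to its OUI and the vendor name already registered for it, if any."""
    result = {}
    for mac in invalid_oui_macs(log_text):
        oui = oui_of(mac)
        result[mac] = {"oui": oui, "known_vendor": vendor_ouis.get(oui)}
    return result


if __name__ == "__main__":
    for mac, info in triage(SAMPLE_LOG, {}).items():
        print(f"{mac}: add Vendor OUI {info['oui']} (Solution 2) or update FortiNAC (Solution 1)")
```

A MAC whose OUI is already listed in the vendor table points at a stale OUI database on the appliance rather than a missing entry, which is the Solution 1 case.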
Copyright 2024 Fortinet, Inc. All Rights Reserved.