Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Thonno
New Contributor III

Created on ‎09-28-2024 08:35 AM

Captive Portal Missing and Host Registration Error on FortiNAC 7.2.4

 

Hi,

I am using a FortiNAC-CA 7.2.4 (FortiNAC-OS) with a basic FortiNAC license.

 Screenshot 2024-09-28 173342.png

Network Infos:

The FortiNAC is connected via cable to a switch and terminates on a FortiGate through port6 (0.0.0.0/0) with a VLAN stub and VLAN Isolation.

 

I have configured port1 for MGMT (Layer 3) and port2 in L3 Isolation mode, with an IP on the VLAN stub and a Range Scope for the VLAN Isolation.

 

The FortiGate acts as a DHCP relay towards the IPs of the FortiNAC (both port1 and port2).

 

FortiNAC infos:

I created two groups (MAB_VLAN2 and MAB_VLAN3) and two roles (ROLE_VLAN2 and ROLE_VLAN3). I then set up user configurations with the following logic:

  1. If the user does not belong to the groups VLAN2, VLAN3, or Registered_HostLogical Network Isolation
  2. If the user belongs to group VLAN2 and has ROLE_VLAN2Logical Network VLAN2
  3. If the user belongs to group VLAN3 and has ROLE_VLAN3Logical Network VLAN3

I am using a test switch and a test PC, and from manual testing, it seems everything works fine.

 

Issues:

I’m facing two issues for which I require assistance:

  1. I cannot find the Captive Portal configuration menu. Is it not included with the basic license? Without the Captive Portal, I have no way to auto-register hosts.

1.png

  1. When trying to register the test PC from the Host Inventory, I encounter the error: "HOST Exceeded concurrent connection license limit", but if I delete the host and manually recreate it, the registration works.

I have disabled all Device Profiling rules, and there are no registered hosts except for about ten rogue hosts that are automatically discovered by the test switch.
Immagine 2024-09-28 173230.png

Could you please provide assistance?

Labels:
544
0 Kudos
1 Solution
ebilcari
Staff
Staff

Created on ‎09-28-2024 08:55 AM

Yes correct, the BASE license doesn't offer support for Captive Portal and guest management. This were the old license options/features:

old license.png

 

Lately the BASE license is removed and now only PLUS and PRO are used (page 10 on DS). You can try to download again the same license from the customer portal or contact your local sales representative for more information.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

536
0 Kudos
6 REPLIES 6
ebilcari
Staff
Staff

Created on ‎09-28-2024 08:55 AM

Yes correct, the BASE license doesn't offer support for Captive Portal and guest management. This were the old license options/features:

old license.png

 

Lately the BASE license is removed and now only PLUS and PRO are used (page 10 on DS). You can try to download again the same license from the customer portal or contact your local sales representative for more information.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
537
0 Kudos
AEK
SuperUser
SuperUser
In response to ebilcari

Created on ‎09-28-2024 10:19 AM

I also notice there is no PA in base license.

I wonder which customer profile may acquire a base license.

AEK
AEK
506
Thonno
New Contributor III

Created on ‎10-01-2024 07:51 AM

Hi, and thanks for the information! I’ve been provided with the following licenses, which I’ve registered on the portal:

  • 2 licenses for 1-year coverage for FortiNAC-CA-700F
  • 1 license for FortiNAC VM FortiNAC Pro

The FortiNAC I have is physical and it’s the 700F model.

I registered the FortiNAC's serial number on the portal and uploaded all three licenses to the device. I downloaded both the FortiNAC License Key File (.lic) and the Network Sentry Key File (.lic), but I can only upload the first one, as the second one gives me an error.

Even though I’ve uploaded the license file, the system remains in BASE mode without access to the portal, etc.

Do I need to deploy a VM that acts as a Manager?

I’m not sure what to do next. Thanks a lot for the help!

364
0 Kudos
ebilcari
Staff
Staff
In response to Thonno

Created on ‎10-01-2024 08:08 AM

The license file downloaded in 'FortiNAC License File Download' should be enough to license the appliance, the 'Network Sentry Key File' is not used any longer. The manager is used in multipod setups that helps share the license between the nodes but it's not mandatory to have it.

Please make sure to use the MAC address of the first port when registering the license in the customer portal.

If the license are subscription based make sure that the appliance has internet access and run a license poll:

# execute enter-shell
$ entitlementstool -poll

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
358
Thonno
New Contributor III
In response to ebilcari

Created on ‎10-01-2024 08:23 AM

Thank you, after executing the commands you provided, the license has also changed in the settings screen.

After restarting the FortiNAC, the Portals menu appeared.

Thank you all!

338
ebilcari
Staff
Staff
In response to Thonno

Created on ‎10-01-2024 08:36 AM

Thank you for your feedback, happy to help!

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
329
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.