Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ByteHaven
New Contributor

Created on ‎11-04-2025 01:05 PM

FortiNAC rest API and L3 polling

Hello FNAC admins,

I’m reading this article about the recommended way to deploy FortiNAC:

FortiNAC deployment 

I got to part 3 about polling, specifically the REST API section. It says:

“The API key allows FortiNAC to bypass the need to authenticate every time it connects, improving performance.”

Screenshot 2025-11-04 214939.png

I’m not fully sure what that means in practice. What exactly does the API key do, and is it really necessary to configure it?

There’s also another line that says:

“It is also important to verify that L3 devices that are added in FortiNAC will not be automatically included in the L3 polling feature.”

Screenshot 2025-11-04 215002.png

I’m a bit confused about this part, if we add Layer 3 devices to FortiNAC but don’t include them in L3 polling, what’s the point of adding them? Does that mean I shouldn’t use polling on firewalls and only use it on access switches? If so is there a specific list of devices to exclude from FortiNAC

 

Thanks in advance for your help

BR,

 
Labels:
109
0 Kudos
4 REPLIES 4
AEK
SuperUser
SuperUser

Created on ‎11-04-2025 08:25 PM

Hi BH

When API ffirst login with id and password it receives a key. Then for all following requests it uses the key instead of reintering user and pass.

It is recommended to use API for faster response.

For your second question the document just means when you add a router or firewall to FNAC the L3 poll is not enabled automatically, and you need to enable it manually as explained . 

AEK
AEK
93
ByteHaven
New Contributor
In response to AEK

Created on ‎11-05-2025 12:23 AM

Hey AEK,

Thank you for your answer.

Sorry for my ignorance, but what do they mean by FNAC authenticating every time? Does that mean FortiNAC has to authenticate each time during the polling process ? and to automate that it is recommened to use API ?

BR,

84
0 Kudos
AEK
SuperUser
SuperUser
In response to ByteHaven

Created on ‎11-05-2025 12:30 AM

Absolutely, it logs in on every L2/L3 poll, and also when changing the VLAN for a port, and other operations.

The API is to avoid logging in each time it needs to run a command, and also it is fast because it is done in one shot, and the output has a standard format (JSON).

While the classic mode is using CLI (ssh/telnet) where FNAC logs in, then enters a command, then waits for a specific output, then enters the next command, ... and so... Also the output is not in standard format.

You guess now how API is faster and cleaner.

AEK
AEK
82
ByteHaven
New Contributor
In response to AEK

Created on ‎11-05-2025 01:13 AM

And I thought the polling feature was just a simple click to poll informations from the registered device (inventory) on FortiNAC, I didn't know there was other configurations to do.

Thank you so much for this explanation

BR,

71
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.