Fortinac Agent Not Active

rcpdkc · ‎01-04-2024

I'm using Fortinac-F version 7.2. We have the following problem. When I install the agent on a machine in the domain, we can see it as active in the management interface. But when I install it on a machine outside the domain, the agent appears as deactive even though it is properly installed, what could be the reason for this?

AEK · ‎01-04-2024

Probably certificate issue.

I guess you signed the FortiNAC's certificate from your domain's CA. So the clients of your domain trust this certificate and can establish SSL connection, but the other can't since they don't have the required certificate CA.

AEK

rcpdkc · ‎01-04-2024

Although all the certificates were the same (I installed it myself), it was still the same.

AEK · ‎01-05-2024

What you mean exactly by disabled status? Can you share a screenshot?

AEK

ebilcari · ‎01-05-2024

The certificates on FNAC is the same, but the end host should include the CA that is used to sign the Agent certificate in their trust store.
In this case the agent logs on the end host are very helpful to troubleshoot this further.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

rcpdkc · ‎01-06-2024

Are you talking about the certificate I got from Windows Ad for Fortinac?

ebilcari · ‎01-08-2024

Usually the CA role is a dedicated server separate from AD, but as long as you have the root CA in the trusted store of the end host (part of the domain or not) the PA should start communicating with FNAC.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.