rcpdkc
Contributor II

FortiNAC Agent Not Active

I'm using FortiNAC-F version 7.2. We have the following problem. When I install the agent on a machine in the domain, we can see it as active in the management interface. But when I install it on a machine outside the domain, the agent appears as inactive even though it is properly installed. What could be the reason for this?

AEK
Honored Contributor

Probably a certificate issue.

I guess you signed FortiNAC's certificate with your domain's CA. So the clients of your domain trust this certificate and can establish an SSL connection, but the others can't since they don't have the required CA certificate.

AEK
rcpdkc
Contributor II

Although all the certificates were the same (I installed it myself), it was still the same.

 

AEK
Honored Contributor

What do you mean exactly by disabled status? Can you share a screenshot?

AEK
ebilcari

The certificates on FNAC are the same, but the end host should include the CA that is used to sign the Agent certificate in its trust store.
In this case the agent logs on the end host are very helpful to troubleshoot this further.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
rcpdkc

Are you talking about the certificate I got from Windows AD for FortiNAC?
ebilcari

Usually the CA role is a dedicated server separate from AD, but as long as you have the root CA in the trusted store of the end host (part of the domain or not) the PA should start communicating with FNAC.

 

[Attached image: cert check.PNG]

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
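
One way to run the trust check described in the replies above on the non-domain machine, as an added example that is not part of the original thread or Fortinet's tooling. It fetches the certificate the server presents and tests whether it chains to a CA the host trusts; `$ServerName` and `$Port` are placeholders (assumptions) to replace with the FortiNAC address and agent port from your deployment.

```powershell
# Added example. Placeholders below are assumptions, not values from the thread.
$ServerName = 'fortinac.example.internal'   # placeholder host name
$Port       = 443                           # placeholder; use your agent port

function Get-ServerCertificate {
    param([string]$ServerName, [int]$Port)
    $tcp = [System.Net.Sockets.TcpClient]::new($ServerName, $Port)
    try {
        # Diagnostic only: accept whatever is presented so that a certificate
        # this host does NOT trust can still be retrieved and inspected.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($ServerName)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Test-CertificateTrust {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    # Skip revocation so the result reflects only whether the CA is trusted.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($Certificate)
    # Topmost certificate the host could find (the root CA if the chain is complete).
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        Subject       = $Certificate.Subject
        Issuer        = $Certificate.Issuer
        NotAfter      = $Certificate.NotAfter
        Trusted       = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        ChainTop      = $top.Subject
        # True only if that top certificate is in the machine-wide root store.
        InMachineRoot = Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)"
    }
}

$cert = Get-ServerCertificate -ServerName $ServerName -Port $Port
Test-CertificateTrust -Certificate $cert | Format-List
```

A `ChainStatus` of `UntrustedRoot` or `PartialChain` on the non-domain machine means the signing CA is missing from its trust store. `Trusted` can be true while `InMachineRoot` is false when the CA was imported only into the current user's store, which a process running under a different account does not see.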