Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rcpdkc
Contributor II

Created on ‎05-29-2024 07:09 AM

Fortinac MacOS Problem

Hello, I installed fortinac agent on mac computer by applying the document I gave below. Although the device reaches Fortinac, the popup does not open. why can it be?

 

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/cf9ed9ff-de2f-11ea-96b9-005056...

Labels:
431
0 Kudos
8 REPLIES 8
AEK
SuperUser
SuperUser

Created on ‎05-29-2024 09:26 AM

Hi

Which popup you mean? Message popup? Credentials popup? ...

Do you see the MacOS client is registered on FortiNAC? In host view do you see the agent column for this host in online status? or do you see a red bolt icon instead?

AEK
AEK
402
rcpdkc
Contributor II
In response to AEK

Created on ‎05-29-2024 02:29 PM

The pop-up where we enter credentials does not come up. It does not appear to be online. There's a red bolt

379
0 Kudos
AEK
SuperUser
SuperUser
In response to rcpdkc

Created on ‎05-29-2024 11:18 PM

A red bolt means the there is no communication between the agent and FNAC. It can be one of the following reasons:

  • Certificate is not installed or not trusted (the most common case)
  • Agent is down
  • Client firewall or network firewall may block the communication
AEK
AEK
341
rcpdkc
Contributor II
In response to AEK

Created on ‎05-30-2024 01:05 AM

I have installed the domain certificate. Is there any other certificate I need to install ? Do I need to install the certificate in Fortinac ? In which directory do I need to install the certificate ? I can access Nac from the host where the agent is located.

323
0 Kudos
ebilcari
Staff
Staff
In response to rcpdkc

Created on ‎05-30-2024 01:20 AM

The agent certificate should be applied to target "Persistent Agent" and should also include the trust chain. Same CA used to sign this PA certificate should be present in the end host.

certs.PNG

For more information you can check also the agent logs in the end host as shown here.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
317
rcpdkc
Contributor II
In response to ebilcari

Created on ‎05-30-2024 01:33 AM Edited on ‎05-30-2024 01:34 AM

Do we need to add this certificate to the login or do we need to add it to the keychain?

307
0 Kudos
rcpdkc
Contributor II

Created on ‎05-30-2024 05:47 AM

I have set up the agent link but the popup where the user has to enter their information does not open?deneme.PNG

272
0 Kudos
AEK
SuperUser
SuperUser
In response to rcpdkc

Created on ‎05-30-2024 12:19 PM

Actually I don't have experience with MacOS' PA. But if I follow the doc I see that you need to check the following output:

sudo defaults read /Library/Preferences/com.bradfordnetworks.bndaemon.policy

Value of LoginDialogDisabled should be 0 (zero), otherwise set it to 0 and restart the agent service.

Just for info, on Windows clients that are part of the domain we don't need to enable this feature, since the user info is obtained automatically by PA and sent to FNAC. But on Mac I actually don't now if it is required, so I think you should check if there is a good reason for which you may need it.

AEK
AEK
242
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.