Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Persistent agent don't comunicate to FortiNAC
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Persistent agent don't comunicate to FortiNAC
Hi, I'm configuring my first FortiNAC.
I manually installed the Persistent agent on a test PC (OS Windows 11), according to the instructions found in https://community.fortinet.com/t5/FortiNAC/Technical-Tip-Manually-install-and-configure-Persistent-A...
It seems that the agent does not communicate with the Fortinac.
From the PC, telnet to eth1 fortinac on port 4568 is ok.
In the %ProgramData%\Bradford Networks folder I do not find any log files. As suggested I reinstalled the client but without success.
Icon of Persistent agent say: Network access normal. PC is viewed as rogue.
Could you help me?
Thanks in advance.
Solved! Go to Solution.
Labels:
- Labels:
-
FortiNAC
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
2 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the client, regedit, go the the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Bradford Networks\Persistent Agent
Does the value homeServer is the same as FortiNAC server FQDN or IP?
And is the certificate that you installed in FortiNAC server for agent communication has CN the same as the value defined in the above homeServer key?
AEK
AEK
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The persistent agent should function properly with all types of antivirus software, as one of its functions is to monitor the antivirus and updates status. But in the end this is considered just like a normal software/service from the OS and antivirus perspective and if there are restriction in place, it can block its normal activity.
- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
If you have found a solution, please like and accept it to make it easily accessible for others.
- « Previous
-
- 1
- 2
- Next »
17 REPLIES 17
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The persistent agent should function properly with all types of antivirus software, as one of its functions is to monitor the antivirus and updates status. But in the end this is considered just like a normal software/service from the OS and antivirus perspective and if there are restriction in place, it can block its normal activity.
- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
If you have found a solution, please like and accept it to make it easily accessible for others.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
You can also check the following.
- On FNAC server using tcpdump, check if you are receiving traffic on port 4568 from the agent
- On FNAC server, check if you installed a certificate (for agent communication) signed from your CA which is trusted from your client
AEK
AEK
Created on 10-02-2024 06:33 AM Edited on 10-04-2024 12:53 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
On the FNAC server I gave the command tcpdump -i eth1 port 4568.
On the PC I first restarted the service and then the PC itself without seeing anything.
From the PC I then telnetted to port 4568 and the session was successful.
> tcpdump -i eth1 port 4568
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:13:23.299346 IP prcp19-111.mydomain.com.63586 > isolation.mydomain.com.bmc-reporting: Flags [S], seq 837294100, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:13:23.299380 IP isolation.mydomain.com.bmc-reporting > prcp19-111.mydomain.com.63586: Flags [S.], seq 2322422253, ack 837294101, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
15:13:23.300158 IP prcp19-111.mydomain.com.63586 > isolation.mydomain.com.bmc-reporting: Flags [.], ack 1, win 1026, length 0
15:13:43.760751 IP prcp19-111.mydomain.com.63586 > isolation.mydomain.com.bmc-reporting: Flags [P.], seq 1:2, ack 1, win 1026, length 1
15:13:43.760785 IP isolation.mydomain.com.bmc-reporting > prcp19-111.mydomain.com.63586: Flags [.], ack 2, win 229, length 0
15:13:44.930021 IP prcp19-111.mydomain.com.63586 > isolation.mydomain.com.bmc-reporting: Flags [P.], seq 2:4, ack 1, win 1026, length 2
15:13:44.930045 IP isolation.mydomain.com.bmc-reporting > prcp19-111.mydomain.com.63586: Flags [.], ack 4, win 229, length 0
15:13:45.117340 IP prcp19-111.mydomain.com.63586 > isolation.mydomain.com.bmc-reporting: Flags [P.], seq 4:6, ack 1, win 1026, length 2
15:13:45.117362 IP isolation.mydomain.com.bmc-reporting > prcp19-111.mydomain.com.63586: Flags [.], ack 6, win 229, length 0
15:13:45.117832 IP isolation.mydomain.com.bmc-reporting > prcp19-111.mydomain.com.63586: Flags [F.], seq 1, ack 6, win 229, length 0
15:13:45.119538 IP prcp19-111.mydomain.com.63586 > isolation.mydomain.com.bmc-reporting: Flags [.], ack 2, win 1026, length 0
15:13:45.119968 IP prcp19-111.mydomain.com.63586 > isolation.mydomain.com.bmc-reporting: Flags [F.], seq 6, ack 2, win 1026, length 0
15:13:45.119980 IP isolation.mydomain.com.bmc-reporting > prcp19-111.mydomain.com.63586: Flags [.], ack 7, win 229, length 0
Created on 10-02-2024 07:13 AM Edited on 10-02-2024 11:52 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
On the FNAC server I did the tcdump but I didn't see any packets arriving from the agent.
From the PC I telnet to port 4568 and this is what I saw coming:
> tcpdump -i eth1 port 4568
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:13:23.299346 IP prcp19-111.mydomain.63586 > isolation.mydomain.bmc-reporting: Flags [S], seq 837294100, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
15:13:23.299380 IP isolation.mydomain.bmc-reporting > prcp19-111.mydomain.63586: Flags [S.], seq 2322422253, ack 837294101, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
15:13:23.300158 IP prcp19-111.mydomain.63586 > isolation.mydomain.bmc-reporting: Flags [.], ack 1, win 1026, length 0
15:13:43.760751 IP prcp19-111.mydomain.63586 > isolation.mydomain.bmc-reporting: Flags [P.], seq 1:2, ack 1, win 1026, length 1
15:13:43.760785 IP isolation.mydomain.bmc-reporting > prcp19-111.mydomain.63586: Flags [.], ack 2, win 229, length 0
15:13:44.930021 IP prcp19-111.mydomain.63586 > isolation.mydomain.bmc-reporting: Flags [P.], seq 2:4, ack 1, win 1026, length 2
15:13:44.930045 IP isolation.mydomain.bmc-reporting > prcp19-111.mydomain.63586: Flags [.], ack 4, win 229, length 0
15:13:45.117340 IP prcp19-111.mydomain.63586 > isolation.mydomain.bmc-reporting: Flags [P.], seq 4:6, ack 1, win 1026, length 2
15:13:45.117362 IP isolation.mydomain.bmc-reporting > prcp19-111.mydomain.63586: Flags [.], ack 6, win 229, length 0
15:13:45.117832 IP isolation.mydomain.bmc-reporting > prcp19-111.mydomain.63586: Flags [F.], seq 1, ack 6, win 229, length 0
15:13:45.119538 IP prcp19-111.mydomain.63586 > isolation.mydomain.bmc-reporting: Flags [.], ack 2, win 1026, length 0
15:13:45.119968 IP prcp19-111.mydomain.63586 > isolation.mydomain.bmc-reporting: Flags [F.], seq 6, ack 2, win 1026, length 0
15:13:45.119980 IP isolation.mydomain.bmc-reporting > prcp19-111.mydomain.63586: Flags [.], ack 7, win 229, length 0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
On the client, regedit, go the the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Bradford Networks\Persistent Agent
Does the value homeServer is the same as FortiNAC server FQDN or IP?
And is the certificate that you installed in FortiNAC server for agent communication has CN the same as the value defined in the above homeServer key?
AEK
AEK
Created on 10-03-2024 10:55 PM Edited on 10-07-2024 03:32 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks, I wil do what you suggest. I update you as possible.
Update
I found homeServer in the path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bradford Networks\Client Security Agent
I set fortinac.mydomain.com.
the CN in the certificate on the server is: CN=bradfordnetworks.com
I will have to generate a certificate with correct CN.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiNaC is great but if you're an MSP, be prepared to hire or contract some specifically for the deployment and support. It's very granular and there is no "one size fits all". It's a product I have in my test lab for over a year and still have not fully mastered it's deployment in a streamline fashion.
https://vlc.onl/
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Persistent agent Guide should help you is really detailed for diverse scenarios persistent agent deployment
BR
- Happy to help, hit like and accept the solution -
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Network connections lost - Mac laptop... 170 Views
- Certificate error message when device is... 313 Views
- FORTINAC - USER RE-AUTH WHEN USER... 244 Views
- Persistent agent don't comunicate to FortiNAC 1180 Views
- Compliance Scan Configuration for Delayed OS... 299 Views
Labels
-
FortiGate
8,502 -
FortiClient
1,722 -
5.2
801 -
FortiManager
715 -
5.4
639 -
FortiAnalyzer
548 -
Fortiswitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
223 -
FortiWeb
200 -
5.0
196 -
IPsec
188 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.