DescriptionThis article describes how to install a newer FortiNAC
version from the CLI after downloading the image .bin file.Solution1) Go
to the Fortinet support account, Support -> Firmware Download and select
product: FortiNAC. Navigate to the For...
DescriptionRunning the remote user sync rule does not remove users
(deleted remote LDAP users, or which are not anymore members of the
group configured in the sync rule), but only adds new ones.Solution
There are two possible solutions: 1) The maximu...
DescriptionThis article describes how to run L2 Polling from
CLI.ScopeFor version 8.8 and 9.1.SolutionConnect to FortiNAC CLI using a
SSH terminal:Then run this command 'ReadForwardingTbl –ip' following by
the IP address of the unit.This tool does a ...
DescriptionThis article describes how to check the proxy settings on
FortiNAC from CLISolutionCreate SSH session towards FortiNAC, run the
following command:cat /etc/yum.confExample of adding proxy server to
FortiNAC and verifying the settings from C...
Description This article expands upon the Tiered Architecture feature
illustrates in greater detail the purpose of tiered archit...
Hi, this is kind of good news/bad news. For access to the firmware
images over https://support.fortinet.com you would need to have a valid
support contract. Good news is, you can purchase a support contract
based on your needs over an official Fortin...
Hi, if you would like to use FSSO for passive user authentication, you
have two options:- Active Directory Connector would be for direct FSSO
polling from the FortiGate, where the FGT connects directly to your AD
server and retrieves Windows Security...
Hi, checking the debug messages should be a good start, you can run the
following debugs over CLI and try to authenticate again:diag debug reset
diag debug console timestamp enable diag debug app fnbamd -1 diag debug
app sslvpn -1 diag debug enable T...
Hi, usually token drift would be shown as a simple incorrect token code
or token out of sync (as it would not match what the FAC is expecting
for that timestamp). You can check for token drift as described here:
Hi, there is a registry entry in FSSO Collector Agent that you could
use, dc_agent_ignore_ip_list. All IP addresses added to this registry
entry will be ignored for IP based FSSO.In this registry entry you can
add individual IPs, and starting from FS...