FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
khoffman
Staff
Article Id 305636
Description

This article describes how to resolve an issue where FortiNAC is unable to poll a FortiGate after a FOS upgrade.
In some cases, FortiNAC is not aware that the firmware version of the FortiGate has changed. This results in FortiNAC issuing the incorrect API calls for the specific FOS version running on the FortiGate.

Symptoms include: credentials validate successfully, but L2 polling does not return connected endpoints.

Scope

FortiNAC-F v7.X.
Solution
  1. Confirm the firmware version stored in FortiNAC matches the firmware version on the FortiGate.
  • GUI option: Validate the correct firmware version is visible within the elements tab.


  • CLI option: Use the 'device' command to view the firmware version attribute. Type:


execute enter-shell 
device -ip <IP-Address-of-FGT> 


Example: 

fnac-dc-ca-p-kermit # execute enter-shell
fnac-dc-ca-p-kermit:~$ device -ip 10.12.241.30
************************* FGT-Primary *************************
Landscape = 52236132958 00:0C:29:84:22:5E
Pollable = true, Poll interval = 10 Minutes
Type = 1.3.6.1.4.1.12356.101.1.844
Group = 1.3.6.1.4.1.12356
MAC = null
Protocol = SnmpV1
Description = FGT-Primary
IP = 10.12.241.30
State = Active
Status = Established
DBID = 453
Attribute Count = 24
Name = CLI_CREDENTIALS value = CLICredentials
User Name:[admin]
Password:[***]
Enable Password:[***]
SessionType:[SSH2]
Name = SnmpVersion value = 1 length = 1
Name = FirmwareVersion value = Fortigate36000    <------ Missing version value.
Name = userDefinedOID value = false length = 5
Name = AuthVersion value = 2 length = 1
Name = SupportsVirtualization value = true length = 4
Name = RemoteAccessDevice value = 1 length = 1
Name = L2_ENABLED value = true length = 4
Name = L2_POLL_DURATION value = 600 length = 3
Name = L2_MIN_POLL_DURATION value = 300 length = 3
Name = API_VDOMS_ENABLED value = false length = 5
Name = API_Port value = 443 length = 3
Name = RestAPIVersion value = 0 length = 1
Name = MgmtVDOM value = 474 length = 3
Name = 1.3.6.1.2.1.1.3.0 value = 7 days, 5:53:40.47 length = 18
Name = SSLVerifyCertificate value = false length = 5
Name = SSLVerifyHostname value = false length = 5
Name = HasManagedSwitches value = true length = 4
Name = L2_LAST_POLL value = Wed Mar 20 15:07:41 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = Wed Mar 20 15:07:41 EDT 2024 length = 28
Name = RadiusServerConfigId value = 1 length = 1
Name = SerialNumber value = FG81EPTKXXXXX length = 16
Name = HaMode value = Active-Passive length = 14
Name = SSOInitialized value = true length = 4
Community Strings: *******
*****************************************************************

 

  2. If there is a mismatch in the 'FirmwareVersion' attribute, use the 'updateversion' command. From the shell, type:

 

updateversion -ip <IP-Address-of-FGT> 

Example:

 

updateversion -ip 10.12.241.30

 

  3. Repeat step 1 to validate.

 

Example of updated FirmwareVersion: 


fnac-dc-ca-p # execute enter-shell
fnac-dc-ca-p:~$ device -ip 10.12.241.30
************************* FGT-Primary *************************
Landscape = 52236132958 00:0C:29:84:22:5E
Pollable = true, Poll interval = 10 Minutes
Type = 1.3.6.1.4.1.12356.101.1.844
Group = 1.3.6.1.4.1.12356
MAC = null
Protocol = SnmpV1
Description = FGT-Primary
IP = 10.12.241.30
State = Active
Status = Established
DBID = 453
Attribute Count = 24
Name = CLI_CREDENTIALS value = CLICredentials
User Name:[admin]
Password:[***]
Enable Password:[***]
SessionType:[SSH2]
Name = SnmpVersion value = 1 length = 1
Name = FirmwareVersion value = Fortigate36000.7.4.2 length = 20
Name = userDefinedOID value = false length = 5
Name = AuthVersion value = 2 length = 1
Name = SupportsVirtualization value = true length = 4
Name = RemoteAccessDevice value = 1 length = 1
Name = L2_ENABLED value = true length = 4
Name = L2_POLL_DURATION value = 600 length = 3
Name = L2_MIN_POLL_DURATION value = 300 length = 3
Name = API_VDOMS_ENABLED value = false length = 5
Name = API_Port value = 443 length = 3
Name = RestAPIVersion value = 0 length = 1
Name = MgmtVDOM value = 474 length = 3
Name = 1.3.6.1.2.1.1.3.0 value = 7 days, 5:53:40.47 length = 18
Name = SSLVerifyCertificate value = false length = 5
Name = SSLVerifyHostname value = false length = 5
Name = HasManagedSwitches value = true length = 4
Name = L2_LAST_POLL value = Wed Mar 20 15:07:41 EDT 2024 length = 28
Name = L2_LAST_SUCCESSFUL_POLL value = Wed Mar 20 15:07:41 EDT 2024 length = 28
Name = RadiusServerConfigId value = 1 length = 1
Name = SerialNumber value = FG81EPTKXXXXX length = 16
Name = HaMode value = Active-Passive length = 14
Name = SSOInitialized value = true length = 4
Community Strings: *******
*****************************************************************
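
The check in steps 1 and 3 can be scripted. The following is an added example, not Fortinet code: it parses 'device -ip' output from stdin and reports whether the 'FirmwareVersion' attribute is missing its version or differs from the version the FortiGate runs. The function names and the assumed value layout (model string followed by a dotted version, as in the two outputs above) are assumptions.

```shell
#!/usr/bin/env bash
# Added example: check the FirmwareVersion attribute in `device -ip` output.
# Assumption (from the two outputs on this page): the value is a model string
# followed by a dotted FortiOS version, e.g. Fortigate36000.7.4.2.

# Print the raw FirmwareVersion value from `device -ip` output on stdin.
fw_attr() {
  sed -n 's/^Name = FirmwareVersion value = \([^[:space:]]*\).*/\1/p' | head -n 1
}

# Print only the dotted version suffix (7.4.2); print nothing if it is absent.
fw_suffix() {
  sed -n 's/^[^.]*\.\([0-9][0-9]*\(\.[0-9][0-9]*\)*\)$/\1/p'
}

# check_fw EXPECTED < device-output
# Returns 0 = stored version matches, 1 = version missing from the attribute,
# 2 = stored version differs, 3 = no FirmwareVersion attribute in the input.
check_fw() {
  expected=$1
  attr=$(fw_attr)
  if [ -z "$attr" ]; then
    echo "FirmwareVersion attribute not found"; return 3
  fi
  ver=$(printf '%s\n' "$attr" | fw_suffix)
  if [ -z "$ver" ]; then
    echo "'$attr' carries no version: run updateversion, then re-check"; return 1
  fi
  if [ "$ver" != "$expected" ]; then
    echo "stored $ver, FortiGate runs $expected: run updateversion"; return 2
  fi
  echo "stored version $ver matches"
}

# Constructed samples, reduced from the two outputs shown above.
BEFORE='Name = SnmpVersion value = 1 length = 1
Name = FirmwareVersion value = Fortigate36000
Name = userDefinedOID value = false length = 5'
AFTER='Name = SnmpVersion value = 1 length = 1
Name = FirmwareVersion value = Fortigate36000.7.4.2 length = 20
Name = userDefinedOID value = false length = 5'

printf '%s\n' "$BEFORE" | check_fw 7.4.2 || echo "exit code $?"
printf '%s\n' "$AFTER"  | check_fw 7.4.2 || echo "exit code $?"
# On the appliance shell: device -ip <IP-Address-of-FGT> | check_fw 7.4.2
```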
