NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Upon installation of the Persistent Agent, the following message displays on the endstation:
"The computer name in the certificate, bradfordnetworks.com, does not match the name of the target computer, <NAC server name>. Unable to connect."
This message will appear when NAC does not have a valid SSL Certificate installed for the Persistent Agent target.
The general process the Persistent Agent uses to communicate is as follows:
1. Determine the identity of the NAC Server or Application Server to which the agent should connect. This information can be provided to the agent in one of three ways: - Agent server communication while in Captive Portal using DNS SRV records - Registry key configuration via software push - SRV Records on corporate production DNS server
2. Attempt to establish communication to the server over SSL/TLS using TCP port 4568*. This communication requires SSL certificates installed on NAC.
3. Once SSL/TLS communication is established, either UDP port 4567 or TCP 4568** is used for most all other agent/server communication.
*If the Security Registry Key setting on the endstations installing the agent is disabled, SSL certificates are not required. ** Agent 5.x and later with NAC 8.2 and later uses TCP 4568 only
Scope Version: Persistent Agent version 3.x and higher Solution Option 1: Install or renew SSL Certificate in NAC for the Persistent Agent target. Refer to Cookbook Recipe Installing SSL Certificates.
Option 2: Disable the Security Registry Key setting on the endstations installing the agent. This can only be done via software push. Refer to Cookbook Recipe Distributing Agent and Registry Settings.
For additional information, refer to related articles below.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.