Administration Guide

7.4.0

Credentials

When SNMP managed devices are selected from the menu tree in the Inventory, a Credentials tab displays in the right pane. Use this view to verify FortiNAC’s communication with the device or modify the access settings used to connect.

Field

Definition

Validate Credentials

Tests the values entered in the device model against the device:

  • SNMP credentials

  • CLI credentials

  • SSL settings

SNMP Settings

SNMP Protocol

Available options:

  • SNMPv1

  • SNMPv2c

  • SNMPv3-AuthPriv

  • SNMPv3-AuthNoPriv

Security Strings

SNMPv1 Community String

User Name

Required for SNMPv3. User Name for access to the device. Recommended but not required.

Authentication Protocol

Required for SNMPv3. Available options are:

  • MD5

  • SHA1

  • SHA224

  • SHA256

  • SHA384

  • SHA512 (Recommended)

Authentication Password

Required for SNMPv3. Specify password to match what the device is using.

Privacy Protocol

Required for SNMPv3-AuthPriv. Available options are:

  • DES

  • Triple DES

  • AES-128

  • AES-192

  • AES-256 (Recommended)

  • AES-192 Cisco

  • AES-256 Cisco

Privacy Password

Required for SNMPv3-AuthPriv. Specify password to match what the device is using.

Note: Ensure that passwords are at least 8 characters in length. Please note that longer passwords with repetitive strings may result in exactly the same key. For example, a password 'fortfort' will result in exactly the same key as password 'fortfortfort'.
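The note above follows from how SNMPv3 turns a password into a key. The sketch below is an added example, not Fortinet code: it assumes the device uses the standard RFC 3414 password-to-key algorithm, and the function names and the sample engine ID are constructed for illustration.

```python
import hashlib

# RFC 3414 A.2: the password is repeated end to end and the first 1 MiB of
# that stream is hashed, so only the repeating pattern reaches the key.
EXPANDED_LEN = 1_048_576


def password_to_key(password: bytes, hash_name: str = "sha512") -> bytes:
    """Derive the user key Ku from an SNMPv3 auth or privacy password."""
    if len(password) < 8:
        raise ValueError("SNMPv3 passwords must be at least 8 characters")
    reps = EXPANDED_LEN // len(password) + 1
    stream = (password * reps)[:EXPANDED_LEN]
    return hashlib.new(hash_name, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha512") -> bytes:
    """Bind Ku to one device: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def repeating_unit(password: bytes) -> bytes:
    """Shortest block whose repetition spells the password."""
    period = (password + password).find(password, 1)
    return password[:period]


def effective_length(password: bytes) -> int:
    """Number of characters that actually influence the derived key."""
    return len(repeating_unit(password))


if __name__ == "__main__":
    engine_id = bytes.fromhex("000000000000000000000002")  # constructed sample
    for pw in (b"fortfort", b"fortfortfort", b"fortinet-nac"):
        kul = localize_key(password_to_key(pw), engine_id)
        print(pw.decode(), effective_length(pw), kul.hex()[:16])
```

A password whose `effective_length` is below 8 passes the length rule while contributing fewer distinct characters to the key than its length suggests.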

CLI Settings

User Name

The user name used to log on to the device for configuration. This is for CLI access.

Note

The user account must have the appropriate permissions configured on the device.

For network devices using API credentials, the User Name is the serial number of the appliance.

Password

The password required to configure the device. This is for CLI access.

For network devices using API credentials, the Password is the REST API Key.

Enable Password

The enable password for the device. This is for CLI access.

Note: Arista switches can be configured to require typing "enable" to enter enable mode, but no password is needed. For such configurations, populate this field with the # character.

Super Password

The super password required for access to more features on 3Com devices.

HWC Connect Port

Port for the External Captive Portal that was configured by the user on the device during the initial device setup. This port is required for FortiNAC to send commands to the device. Consult the manufacturer for assistance in locating this port number.

Telnet/SSH Connection Timeout (Sec)

Used to determine how long to wait to connect and/or establish a Telnet/SSH session for this device. When disabled (default), the global setting "Telnet/SSH Connection Timeout (Sec)" applies. See Network device.

CLI Command Timeout (Sec)

Used to determine how long to wait for a CLI response (prompt, show commands, etc) for this device. When disabled (default), the global setting "Telnet/SSH Connection Timeout (Sec)" applies. See Network device.

Protocol types

Telnet

Use Telnet to log on to the device for configuration.

SSH1

Use SSH1 to log on to the device for configuration.

SSH2

Use SSH2 to log on to the device for configuration.

SSL Settings

(vF7.2.5 and greater, FortiGate Models Only)

Offers enhanced security for communicating with network devices where FortiNAC uses the REST API. FortiNAC will not communicate with the device unless the SSL connection is considered “secure”.

The public key in the certificate must be signed by a trusted certificate authority (CA) known to FortiNAC. If FortiNAC does not trust the connection, clicking the Validate Credentials button will display “Certificate is not trusted”.

View Certificate

View details for the certificate with the option to import if not already trusted by FortiNAC.

When a certificate is imported, it is listed as a “General Trusted CA” certificate target under the Trusted Certificates view.

Device Certificate Verification

Toggle to enable/disable SSL certificate verification with this device. When enabled, the digital certificate presented by the device must be signed by a trusted certificate authority (CA).

Important: Prior to enabling this option, ensure the CA certificate is listed as a “General Trusted CA” certificate target under the Trusted Certificates view. See Trusted Certificates.

Hostname Verification

Available option when Device Certificate Verification is enabled.

Toggle to enable/disable hostname verification with this device. Adds an additional layer of security. The digital certificate presented by the device must contain the IP or hostname of the device in the subject alternative name (SAN) or the common name (CN). The SAN takes precedence and is checked first.
