Version F 7.4.0
Radius CoA
Complete support for RADIUS Change of Authorization (CoA) with custom attributes (AVPairs).
-
Full support for CoA messages as well as the standard "Packet of Disconnect.”
-
Ability to create a custom change of authorization profile which includes the required AVPairs / standard or vendor specific attributes to be sent in the CoA request message. This will allow the administrator to force a port bounce via RADIUS CoA message.
-
Change of Authorization profile is assigned to the logical network.
See the RFC5176 CoA/Disconnect Message Cookbook.
EduRoam and Radius Service Proxy support
Support for an EduRoam environment with FortiNAC to create an authentication process for visitors from different institutions.
See the EduRoam Cookbook.
RADIUS Service Proxy Support / Deprecate existing (Legacy) Proxy
RADIUS service now supports the ability to proxy authentication requests and accounting packets to another server by creating a server configuration in the Virtual Servers tab of type 'Proxy'.
In pre-7.4 releases, the FortiNAC server itself would listen for and forward RADIUS packets rather than the RADIUS service. This has been deprecated. However, it can still be configured in the 'Legacy Proxy' tab.
SFTP
New SFTP backup feature provides an alternative to FTP backup that allows you to backup FortiNAC configuration by adding a layer of security to the process.
FortiNAC-F OS Migration support for FortiNAC legacy C-Series devices
The current FortiNAC appliances are built based on a Dell OEM hardware running with CentOS 7. FortiNAC CentOS 7 is coming to end-of-life by June 2024. In the near future, FortiNAC releases will only be available on FortiNAC-OS .
See the Hardware Migration Guide.
Agent enhancements
Persistent Agent Enhancements (Status Notification and User Acceptance)
Optionally include the current Logical Network name in the Status notification and tooltip for the Persistent Agent.
Optionally request the user to acknowledge VLAN changes through the Persistent Agent. Even in the case of no acknowledgement, the VLAN will be changed after a configurable timeout.
Support for Palo Alto XDR
Palo Alto XDR is now detected as an Anti-Virus product for Windows and macOS.
Support for Trend Micro Apex One (Japanese Version)
Trend Micro Apex One (Japanese Version) is now supported for Windows.
Device integration
FortiLAN Cloud - FortiAP and FortiSwitch support
User can now add FortiAP and FortiSwitch to FortiLAN Cloud; via service connector, the user can synchronize the devices information from FortiLAN Cloud.
See the FortiLAN page of the administration guide.
Support of Meraki MX as Radius Concentrator/Wireless Controller
See the Meraki MX Controller Wireless Integration Reference Manual.
Support for Claroty
See the Claroty page of the MDM integration guide.
Arista Cloud Wireless Integration
FortiNAC provides network visibility (where endpoints connect) and manages network access for wireless endpoints connecting to Access Points managed by the Arista Cloud Wireless Controller. FortiNAC supports individual SSID configuration and management for this device.
See the Arista Cloud Wireless Integration Reference Manual.
Custom windows registry scan to support date comparison logic
User can create a custom scan to compare registry date value.
See Registry Date under Windows Custom Scan.
HSTS default enabling
HSTS for the Admin GUI is enabled by default in versions 9.4.5+, 7.2.4+, and 7.4.0+.