Administration Guide

7.4.0

Version F 7.4.0

RADIUS CoA

Complete support for RADIUS Change of Authorization (CoA) with custom attributes (AVPairs).

  • Full support for CoA messages as well as the standard "Packet of Disconnect."

  • Ability to create a custom Change of Authorization profile that includes the required AVPairs (standard or vendor-specific attributes) to be sent in the CoA request message. This allows the administrator to force a port bounce via a RADIUS CoA message.

  • Change of Authorization profile is assigned to the logical network.

See the RFC5176 CoA/Disconnect Message Cookbook.
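To confirm from a packet capture that a CoA profile sends the intended attributes, the request can be decoded and its authenticator checked against the shared secret. The following is an added example, not FortiNAC code: the shared secret, MAC address, AVPair string and vendor number (32473, the IANA documentation enterprise number) are constructed placeholders, and the helper names are hypothetical.

```python
import hashlib, hmac, struct

COA_REQUEST, DISCONNECT_REQUEST = 43, 40  # RFC 5176 packet codes
VENDOR_SPECIFIC = 26                      # RFC 2865 attribute type
DOC_VENDOR = 32473                        # documentation enterprise number (assumed vendor)

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def vsa(vendor_id, vtype, value):
    return attr(VENDOR_SPECIFIC, struct.pack("!I", vendor_id) + attr(vtype, value))

def request_authenticator(code, ident, attrs, secret):
    # RFC 5176: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()

def build_request(code, ident, attrs, secret):
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + request_authenticator(code, ident, attrs, secret) + attrs

def parse_request(packet, secret):
    """Return (code, authenticator_ok, attributes) for a CoA/Disconnect request."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (COA_REQUEST, DISCONNECT_REQUEST) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed CoA/Disconnect request")
    body = packet[20:length]
    ok = hmac.compare_digest(packet[4:20], request_authenticator(code, ident, body, secret))
    attrs, i = [], 0
    while i < len(body):
        alen = body[i + 1] if i + 1 < len(body) else 0
        if alen < 2 or i + alen > len(body):
            raise ValueError("bad attribute length")
        atype, value = body[i], body[i + 2:i + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            attrs.append(("vsa", vendor, value[4], value[6:4 + value[5]]))
        else:
            attrs.append((atype, value))
        i += alen
    return code, ok, attrs

# Constructed sample: secret, MAC address and AVPair string are placeholders.
SECRET = b"constructed-shared-secret"
SAMPLE_ATTRS = (attr(31, b"00-11-22-33-44-55")  # Calling-Station-Id
                + vsa(DOC_VENDOR, 1, b"example:command=port-bounce"))
SAMPLE = build_request(COA_REQUEST, 7, SAMPLE_ATTRS, SECRET)
```

A request whose authenticator does not verify was either built with a different shared secret or altered in transit, and a RADIUS client should discard it.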

EduRoam and RADIUS Service Proxy support

Support for an EduRoam environment with FortiNAC to create an authentication process for visitors from different institutions.

See the EduRoam Cookbook.

RADIUS Service Proxy Support / Deprecate existing (Legacy) Proxy

RADIUS service now supports the ability to proxy authentication requests and accounting packets to another server by creating a server configuration in the Virtual Servers tab of type 'Proxy'.

In pre-7.4 releases, the FortiNAC server itself would listen for and forward RADIUS packets rather than the RADIUS service. This has been deprecated. However, it can still be configured in the 'Legacy Proxy' tab.

SFTP

The new SFTP backup feature provides an alternative to FTP backup, adding a layer of security when you back up the FortiNAC configuration.

FortiNAC-F OS Migration support for FortiNAC legacy C-Series devices

The current FortiNAC appliances are built on Dell OEM hardware running CentOS 7. FortiNAC CentOS 7 is coming to end-of-life by June 2024. In the near future, FortiNAC releases will only be available on FortiNAC-OS.

See the Hardware Migration Guide.

Agent enhancements

Persistent Agent Enhancements (Status Notification and User Acceptance)

Optionally include the current Logical Network name in the Status notification and tooltip for the Persistent Agent.

Optionally request the user to acknowledge VLAN changes through the Persistent Agent. Even in the case of no acknowledgement, the VLAN will be changed after a configurable timeout.

Support for Palo Alto XDR

Palo Alto XDR is now detected as an Anti-Virus product for Windows and macOS.

Support for Trend Micro Apex One (Japanese Version)

Trend Micro Apex One (Japanese Version) is now supported for Windows.

Device integration

FortiLAN Cloud - FortiAP and FortiSwitch support

Users can now add FortiAP and FortiSwitch devices to FortiLAN Cloud; through a service connector, users can synchronize device information from FortiLAN Cloud.

See the FortiLAN page of the administration guide.

Support of Meraki MX as RADIUS Concentrator/Wireless Controller

See the Meraki MX Controller Wireless Integration Reference Manual.

Support for Claroty

See the Claroty page of the MDM integration guide.

Arista Cloud Wireless Integration

FortiNAC provides network visibility (where endpoints connect) and manages network access for wireless endpoints connecting to Access Points managed by the Arista Cloud Wireless Controller. FortiNAC supports individual SSID configuration and management for this device.

See the Arista Cloud Wireless Integration Reference Manual.

Custom Windows registry scan to support date comparison logic

Users can create a custom scan that compares a registry date value.

See Registry Date under Windows Custom Scan.

HSTS default enabling

HSTS for the Admin GUI is enabled by default in versions 9.4.5+, 7.2.4+, and 7.4.0+.