Fortinet black logo

Overview

7.2.0
Copy Link
Copy Doc ID 97d22149-549a-11ed-9d74-fa163e15d75b:911625
Download PDF

Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

For additional details on the steps outlined in this document, refer to the appropriate vendor documentation.

Virtual Appliance (VM) Part Numbers

Part Number

Description

FNC-MX-VM

Control Manager

FNC-CAX-VM

Control and Application Server (CA)

The FortiNAC VM can be preconfigured to boot with a predetermined configuration. See Cloud-init for details.

Requirements

  • Direct access to the AWS environment (direct connection or VPN tunnel). Public connections are not recommended due to lack of security.

  • Virtual appliance settings will vary depending on the underlying hardware being used for the hosting server. The ideal result is to yield a virtual environment where the average load does not exceed the Total GHz Rating of CPU Resources Allocated.

    • Determine the appropriate parameters for the virtual environment. It is recommended they be comparable to those of hardware-based FortiNAC appliances. Refer to the following tables in the FortiNAC Data Sheet:

      • Hardware Server Sizing - Hardware server part number most appropriate for the target environment

      • Specifications - Details regarding the applicable part number

      • VM Server Resource Sizing - Suggested values for memory and CPU to allocate for the virtual appliance

  • AWS CLI is installed on a Linux based machine.

    Note

    Important notice

    To run the import2awsimg.sh script successfully, you must use a linux based distribution, i.e. ubuntu. If you are using, windows you can use Ubuntu with Windows Subsystem for Linux.

Considerations

  • In versions 7.x and greater, FortiNAC doesn't have any ports open by default. In previous versions, this was not the case. As features are configured, ports must also be added to the allowaccess list in order for the feature to work.

Operating System and Open Ports

FortiNAC-F series appliances use the FortiNAC-OS operating system. Limited TCP/UDP ports are open by default for security purposes. This was not the case for FortiNAC appliances using the CentOS operating system.

Virtual appliances do not have any TCP/UDP ports listening by default. Opening additional ports requires the use of the "set allowaccess" command in the appliance CLI.

The configuration steps provided include opening ports for the applicable features and functions covered in this guide. As more features are configured, additional access must be enabled using the "set allowaccess" command via the appliance CLI. For details, see Open Ports in the FortiNAC Administration Guide.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.

Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

For additional details on the steps outlined in this document, refer to the appropriate vendor documentation.

Virtual Appliance (VM) Part Numbers

Part Number

Description

FNC-MX-VM

Control Manager

FNC-CAX-VM

Control and Application Server (CA)

The FortiNAC VM can be preconfigured to boot with a predetermined configuration. See Cloud-init for details.

Requirements

  • Direct access to the AWS environment (direct connection or VPN tunnel). Public connections are not recommended due to lack of security.

  • Virtual appliance settings will vary depending on the underlying hardware being used for the hosting server. The ideal result is to yield a virtual environment where the average load does not exceed the Total GHz Rating of CPU Resources Allocated.

    • Determine the appropriate parameters for the virtual environment. It is recommended they be comparable to those of hardware-based FortiNAC appliances. Refer to the following tables in the FortiNAC Data Sheet:

      • Hardware Server Sizing - Hardware server part number most appropriate for the target environment

      • Specifications - Details regarding the applicable part number

      • VM Server Resource Sizing - Suggested values for memory and CPU to allocate for the virtual appliance

  • AWS CLI is installed on a Linux based machine.

    Note

    Important notice

    To run the import2awsimg.sh script successfully, you must use a linux based distribution, i.e. ubuntu. If you are using, windows you can use Ubuntu with Windows Subsystem for Linux.

Considerations

  • In versions 7.x and greater, FortiNAC doesn't have any ports open by default. In previous versions, this was not the case. As features are configured, ports must also be added to the allowaccess list in order for the feature to work.

Operating System and Open Ports

FortiNAC-F series appliances use the FortiNAC-OS operating system. Limited TCP/UDP ports are open by default for security purposes. This was not the case for FortiNAC appliances using the CentOS operating system.

Virtual appliances do not have any TCP/UDP ports listening by default. Opening additional ports requires the use of the "set allowaccess" command in the appliance CLI.

The configuration steps provided include opening ports for the applicable features and functions covered in this guide. As more features are configured, additional access must be enabled using the "set allowaccess" command via the appliance CLI. For details, see Open Ports in the FortiNAC Administration Guide.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.