Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

For simplicity, this document only discusses the deployment of a FortiNAC virtual appliance with a direct connection to the internet. Other deployment scenarios are possible and more secure. Using a virtual network with a VPN gateway is the preferred deployment. However, those deployments are more involved and beyond the scope of this document.

Note: A gateway is required if Azure appliances will be deployed in a High Availability configuration.

Virtual Appliance (VM) Part Numbers

Part Number    Description
FNC-MX-VM      Control Manager
FNC-CAX-VM     Control and Application Server (CA)

Requirements

Considerations

  • Currently, there is no Azure Marketplace appliance/product available to quickly deploy a FortiNAC instance. Instructions are provided to create a disk image.

  • In versions 7.x and greater, FortiNAC doesn't have any ports open by default. In previous versions, this was not the case. As features are configured, ports must also be added to the allowaccess list in order for the feature to work.

Operating System and Open Ports

The FortiNAC software runs on top of the FortiNAC-OS operating system. For security purposes, FortiNAC-OS does not have any open (listening) TCP/UDP ports configured by default. Access must be configured using the "set allowaccess" command via the appliance CLI. The ports that must be enabled depend upon the features required.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN. For details, see Open Ports in the FortiNAC Administration Guide.
