Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

Virtual Appliance (VM) Part Numbers

Part Number    Description
FNC-MX-VM      Control Manager
FNC-CAX-VM     Control and Application Server (CA)

Requirements

  • Hyper-V Server 2012, Windows 2012 or 2016 Server with Hyper-V.
    Note: Remote management must be enabled in Hyper-V Server 2012 to use Hyper-V Manager.

  • Hyper-V Server Hardware

    • The requirements for the Hyper-V server used to host your FortiNAC Virtual Machine will vary greatly depending on many different factors. Factors include:

      • The number of other Virtual Machines that are running on the same server

      • The load those VMs place on the server

      • The number of devices, hosts and users on your network that are to be managed by FortiNAC

  • Virtual appliance specifications and resource sizing values, including memory and CPU. See section Appliance Installation of the Deployment Guide for details. This information will be required when creating the virtual machine.

  • Virtual Machine Generation: Generation 1 (for VHD) with IDE must be used. Generation 2 (for VHDX) with SCSI and UEFI is not supported at this time.

  • VLAN Tagging and Trunking are supported with CentOS-7 and Hyper-V on Windows Server version 2016, 2012 R2, 2012, or 2008 R2. When configuring adapters for Layer 2 VLAN Tagging/Trunking, see VLAN Tagging in Appendix.
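
A pre-flight check for the Virtual Machine Generation requirement above, as an added example (not part of the Fortinet guide): it uses the Hyper-V PowerShell cmdlets Get-VM and Get-VMHardDiskDrive to confirm that a VM is Generation 1 with .vhd disks attached to IDE. The function name Test-FortiNacVmLayout and the VM name 'FortiNAC-CA' are placeholders chosen for illustration.

```powershell
# Added example: verify a Hyper-V VM matches the layout the guide requires
# (Generation 1, VHD image, IDE controller). Run on the Hyper-V host.
function Test-FortiNacVmLayout {
    param(
        [Parameter(Mandatory)][string]$VMName   # placeholder; use your VM's name
    )

    $vm = Get-VM -Name $VMName -ErrorAction Stop
    $findings = @()

    # Assumption: a host whose VM objects expose no Generation property
    # predates Generation 2, so the VM is treated as Generation 1.
    $generation = if ($vm.PSObject.Properties['Generation']) { $vm.Generation } else { 1 }
    if ($generation -ne 1) {
        $findings += "Generation is $generation; Generation 1 is required."
    }

    $disks = @(Get-VMHardDiskDrive -VMName $VMName)
    if ($disks.Count -eq 0) {
        $findings += 'No virtual hard disk is attached.'
    }
    foreach ($disk in $disks) {
        # Disks must sit on the IDE controller, not SCSI.
        if ($disk.ControllerType -ne 'IDE') {
            $findings += "Disk '$($disk.Path)' is on $($disk.ControllerType); IDE is required."
        }
        # The image must be VHD, not VHDX (comparison is case-insensitive).
        if ([System.IO.Path]::GetExtension($disk.Path) -ne '.vhd') {
            $findings += "Disk '$($disk.Path)' is not a .vhd image."
        }
    }

    # One result object per VM, so the check can feed a report or a gate.
    [pscustomobject]@{
        VMName    = $VMName
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-FortiNacVmLayout -VMName 'FortiNAC-CA' | Format-List
```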

Considerations

In versions 7.x and later, FortiNAC has no ports open by default, unlike previous versions. As each feature is configured, the ports it uses must also be added to the allowaccess list, or the feature will not work.

Operating System and Open Ports

The FortiNAC software runs on top of the FortiNAC-OS operating system. For security purposes, FortiNAC-OS does not have any open (listening) TCP/UDP ports configured by default. Access must be configured using the "set allowaccess" command via the appliance CLI. The ports that must be enabled depend upon the features required.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN. For details, see Open Ports in the FortiNAC Administration Guide.
