Fortinet black logo

Version:

7.2.0

Table of Contents

KVM Deployment Guide

Download PDF
Copy Link

Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

Virtual Appliance (VM) Part Numbers

Part Number

Description

FNC-MX-VM

Control Manager

FNC-CAX-VM

Control and Application Server (CA)

Considerations

In versions 7.x and greater, FortiNAC doesn't have any ports open by default. In previous versions, this was not the case. As features are configured, ports must also be added to the allowaccess list in order for the feature to work.

Operating System and Open Ports

The FortiNAC software runs on top of the FortiNAC-OS operating system. For security purposes, FortiNAC-OS does not have any open (listening) TCP/UDP ports configured by default. Access must be configured using the "set allowaccess" command via the appliance CLI. The ports that must be enabled depend upon the features required.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.  For details, see Open Ports in the FortiNAC Administration Guide.

Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

Virtual Appliance (VM) Part Numbers

Part Number

Description

FNC-MX-VM

Control Manager

FNC-CAX-VM

Control and Application Server (CA)

Considerations

In versions 7.x and greater, FortiNAC doesn't have any ports open by default. In previous versions, this was not the case. As features are configured, ports must also be added to the allowaccess list in order for the feature to work.

Operating System and Open Ports

The FortiNAC software runs on top of the FortiNAC-OS operating system. For security purposes, FortiNAC-OS does not have any open (listening) TCP/UDP ports configured by default. Access must be configured using the "set allowaccess" command via the appliance CLI. The ports that must be enabled depend upon the features required.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.  For details, see Open Ports in the FortiNAC Administration Guide.