Fortinet black logo

Overview

7.2.0
Copy Link
Copy Doc ID cb899e2f-614b-11ed-96f0-fa163e15d75b:692009
Download PDF

Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

Virtual Appliance (VM) Part Numbers

Part Number

Description

FNC-MX-VM

Control Manager

FNC-CAX-VM

Control and Application Server (CA)

Considerations

In versions 7.x and greater, FortiNAC doesn't have any ports open by default. In previous versions, this was not the case. As features are configured, ports must also be added to the allowaccess list in order for the feature to work.

Operating System and Open Ports

FortiNAC-F series appliances use the FortiNAC-OS operating system. Limited TCP/UDP ports are open by default for security purposes. This was not the case for FortiNAC appliances using the CentOS operating system.

Virtual appliances do not have any TCP/UDP ports listening by default. Opening additional ports requires the use of the "set allowaccess" command in the appliance CLI.

The configuration steps provided include opening ports for the applicable features and functions covered in this guide. As more features are configured, additional access must be enabled using the "set allowaccess" command via the appliance CLI. For details, see Open Ports in the FortiNAC Administration Guide.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.

Overview

This document provides the steps necessary for installing FortiNAC appliance(s). It is intended to be used in conjunction with the FortiNAC Deployment Guide in the Fortinet Document Library.

Virtual Appliance (VM) Part Numbers

Part Number

Description

FNC-MX-VM

Control Manager

FNC-CAX-VM

Control and Application Server (CA)

Considerations

In versions 7.x and greater, FortiNAC doesn't have any ports open by default. In previous versions, this was not the case. As features are configured, ports must also be added to the allowaccess list in order for the feature to work.

Operating System and Open Ports

FortiNAC-F series appliances use the FortiNAC-OS operating system. Limited TCP/UDP ports are open by default for security purposes. This was not the case for FortiNAC appliances using the CentOS operating system.

Virtual appliances do not have any TCP/UDP ports listening by default. Opening additional ports requires the use of the "set allowaccess" command in the appliance CLI.

The configuration steps provided include opening ports for the applicable features and functions covered in this guide. As more features are configured, additional access must be enabled using the "set allowaccess" command via the appliance CLI. For details, see Open Ports in the FortiNAC Administration Guide.

The best practice is to keep the number of open ports to a minimum, and block all other ports. If there is a need to provide users access to network resources through a static port (e.g., from outside a firewall), the best option is to allow users to connect by VPN.