manualshive.com logo in svg

Fortinet FortiNac BFN320, Installation Manual

The Fortinet FortiNAC BFN320 is a powerful network access control solution. To install this product correctly, be sure to download the Installation Manual for free from manualshive.com. This comprehensive manual will provide all the information you need to set up and configure your FortiNAC BFN320 for optimal performance.

Share
Download
background image

Layer 2 Network - VLANs

VLANs are the basic networking construct used to limit network access. When you implement
network access control, include at least one non-production VLAN. In the Configuration Wizard
this is the Isolation VLAN. If there is the need to separate clients based on state, such as known
vs. unknown or out-of-compliance, configure multiple VLANs. In the Configuration Wizard these
additional VLANS are the Registration, Remediation, Dead End, VPN, Authentication, Isolation,
and Access Point Management VLANs.

If you intend to use FortiNac only to monitor network access, configuring VLANs is not
necessary. If in the future you choose to control access to the network, re-run the Configuration
Wizard to configure VLANs at that time.

If you do not configure VLANs at this time, click Next on the Isolation, Registration, Remediation,
Dead End, VPN, Authentication and Access Point Management screens. Proceed to Layer 2
Network - Summary on page 27.

Note:

The Configuration Wizard dynamically writes all files configured on the FortiNac Control

Server to the FortiNac Application Server. No direct configuration of the FortiNac Application
Server is required after the initial basic network setup is completed.

Table 11: Layer 2 VLAN Types

VLAN Type

Definition

Layer 2 Isolation

Isolates all clients connecting to the network and redirects them to the

appropriate isolation web pages. In the Isolation VLAN the state of the client,
such as known vs. unknown or out-of-compliance, determines the access
control information presented to the client via the web browser or persistent
agent. If you use this VLAN type, the configuration of the other VLAN types is
optional. You can use the Isolation VLAN with Registration, Remediation,
Dead End, VPN, Authentication, or Access Point Management VLANs as
another non-production network.

Layer 2 Registration

Isolates unregistered clients from the production network during client

registration.

Layer 2 Remediation

Isolates clients from the production network who pose a security risk because

they failed a policy scan.

Layer 2 Dead End

Isolates disabled clients with limited or no network connectivity from the

production network.

Layer 2 Virtual Private

Network

Used for clients who connect to the network through VPN services.

Layer 2 Authentication

Isolates registered clients from the Production network during user

authentication.

Layer 2 Access Point

Management

Used for clients that connect through devices managed by Access Point

Management. You can manage clients connected to hubs or simple access
points by using DHCP as a means to control or restrict client access. Once
you have completed your configuration and started FortiNac, access Help for
additional information about the Access Point Management Plugin.

Layer 2 Network - VLANs

21

Summary of Contents for FortiNac BFN320

Page 1: ...Appliance Installation Guide Version 8 3 Date 8 24 2018...

Page 2: ...om how to work with fortinet support FORTINET COOKBOOK http cookbook fortinet com FORTINET TRAINING AND CERTIFICATION PROGRAM https www fortinet com support and training training html NSE INSTITUTE ht...

Page 3: ...To Configuration Wizard Software 15 Password Setup 17 Network Type 20 Layer 2 Network VLANs 21 Layer 2 Network Configure VLANS 22 Layer 2 Network Additional Routes 27 Layer 2 Network Summary 27 Layer...

Page 4: ...ted contact Customer Support You can download electronic versions of the Appliance Installation Guides through the Configuration Wizard See Login To Configuration Wizard Software on page 15 Note The C...

Page 5: ...ame Appliance Label Product Descriptor Appliance Identifier NS3200 Network Control Server NS3200 FortiNac Control Server SYS G BFN620XL NS3200 NS10200 Network Application Server NS10200 FortiNac Appli...

Page 6: ...ance Product Port Port Used During Initial Basic Network Configuration BFN320 BFN330 BFN620 BFN630 All Products eth1 Used temporarily during configuration until the IP address mask default gateway and...

Page 7: ...4...

Page 8: ...asic networking information such as mask DNS or hostname IP address for this appliance Disconnect laptop from eth1 and connect appliance to network on eth0 None Software Configuration Return to Config...

Page 9: ...x range The appliance itself has an IP address of 192 168 1 1 Be certain to connect the RJ45 cable to the correct Ethernet port LED 1 on the front of the appliance lights to indicate when eth0 has est...

Page 10: ...Login To Configuration Wizard Hardware Setup 1 If you have not done so already bring up a web browser and navigate to http 192 168 1 1 8080 configWizard 2 Enter the User Name and Password credentials...

Page 11: ...Hardware Setup Note You will be required to change the Configuration Wizard password during the setup process 8...

Page 12: ...identification have the MAC Address of the appliance ready when you call for assistance The MAC Address is located on the shipping label the Appliance Identification Details document and on the back...

Page 13: ...resent the current configuration of the appliance When you make edits in the Configuration Wizard your modifications are stored in a temporary file This allows you to exit the Configuration Wizard bef...

Page 14: ...his is used in the basic IP network configuration for the appliance Domain Enter your domain name such as megatech com or megatech edu Forwarding DNS for all Isolation Networks Use Primary and Seconda...

Page 15: ...CLI SSH and Configuration Wizard passwords must be eight characters or longer and contain a lowercase letter an uppercase letter a number and one of the following symbols Required Symbols exclamation...

Page 16: ...pliance Must be at least 8 characters and no more than 64 characters root CLI SSH password Customer Support uses to log into the appliance Must be at least 8 characters and no more than 64 characters...

Page 17: ...e type and corresponding ports WARNING DO NOT use a firewall between any FortiNac appliances because the firewall interferes with the connection between those appliances There should never be a firewa...

Page 18: ...ss and apply those settings Login To Configuration Wizard Software 1 Bring up a web browser and point it to the IP Address of the FortiNac Server FortiNac Control Server or FortiNac Management Server...

Page 19: ...Software Configuration Figure 7 Download Documentation Window 16...

Page 20: ...Password Setup Figure 8 Change Passwords Figure 9 Configuration Wizard Password Setup Password Setup 17...

Page 21: ...characters You are required to change this password New Configuration Wizard Password Retype Configuration Wizard Password The Password used to access the Configuration Wizard You are required to chan...

Page 22: ...7 Close the window or tab 8 Click Next to continue Password Setup 19...

Page 23: ...IP address you must select the Layer 3 network option L3 High Availability configurations are not supported with Layer 2 Isolation settings Select the Layer 2 network option to specify VLAN isolation...

Page 24: ...clients connecting to the network and redirects them to the appropriate isolation web pages In the Isolation VLAN the state of the client such as known vs unknown or out of compliance determines the a...

Page 25: ...lick the Add button in the Isolation DNS Subnets section 4 Click Next Table 12 VLAN Isolation Network Field Definitions Field Definition VLAN Type Interface eth1 Interface IPv4 Address IP4 address for...

Page 26: ...hat an IP address in this domain is available for use When this time has elapsed the user is served a new IP address The recommended lease time for Isolation Registration Remediation Authentication De...

Page 27: ...Layer 2 Network Configure VLANS Figure 11 Layer 2 Isolation Figure 12 Add Subnet 24...

Page 28: ...Pool Start End Starting and ending IP addresses that delineate the range of IP addresses available on this VLAN Domain Domain Identifies the domain for this range of IP addresses To help identify the...

Page 29: ...for the isolation VLAN use megatech iso com or for the registration VLAN use megatech reg com Note Note If you use agents for OS X iOS and some Linux systems using a local suffix in Domain fields may...

Page 30: ...a on the Summary View to confirm the configured settings Important Confirm that you have selected the check boxes for the VLANs you are configuring If they have not been selected click the Back button...

Page 31: ...ents rather than the clients connecting on the local Isolation VLANs Multiple scopes are allowed for each of the routes Registration Remediation Dead End VPN Authentication Isolation and Access Point...

Page 32: ...on presented to the client via the web browser or persistent agent If you use these scopes configuring the other scopes Registration Remediation Dead End VPN Authentication or Access Point Management...

Page 33: ...ask 5 In the Lease Pools section click Add to add the lease pool information for the scope 6 Enter the IP Addresses for Start and End of the lease pool range then click Add 7 Repeat steps 3 through 6...

Page 34: ...art of the name in the domain For example for the isolation VLAN use megatech iso com or for the registration VLAN use megatech reg com Note Note If you use agents for OS X iOS and some Linux systems...

Page 35: ...Layer 3 Network Configure Route Scopes Figure 15 Layer 3 Network Configuration Isolation Scopes 32...

Page 36: ...ment Field Definitions Field Definition Access Point Management Interface eth1 Interface IP Address IP address for the VLAN interface on eth1 This VLAN is used when more than one MAC address is detect...

Page 37: ...ields may cause communications issues Example Incorrect dns suffix for reg tech reg megatech local Correct dns suffix for reg tech megatech reg edu Production Lease Pools Starting and ending IP addres...

Page 38: ...Production DNS Primary IP address of the Primary DNS Server Production DNS Secondary IP address of the Secondary DNS Server Access Point Management Isolation Network Scopes Lease Time In Seconds Time...

Page 39: ...Layer 3 Network Configure Route Scopes Figure 18 Layer 3 Access Point Management 36...

Page 40: ...Figure 19 Layer 3 Add Access Point Management Scopes Layer 3 Network Configure Route Scopes 37...

Page 41: ...ue for each route scope that you import If it is not unique the record with the first instance of the ScopeLabel field is duplicated for each subsequent instance of the identical ScopeLabel Note When...

Page 42: ...Figure 20 Layer 3 Routes Import Route Scopes Window Layer 3 Network Configure Route Scopes 39...

Page 43: ...routes in the Additional Routes view and you save all routes are erased from the system routes file except for the Default Gateway To import system routes click the Read File button on the Additional...

Page 44: ...Figure 21 Additional Routes Window Figure 22 Add Route Window Layer 3 Network Additional Routes 41...

Page 45: ...apply them until a successful configuration is written 3 Click Reboot to continue with the installation and begin network modeling and policy creation OR Click Shutdown to turn off the appliance 4 If...

Page 46: ...Figure 23 Results Window Results Layer 2 Layer3 Networks Or Control Manager 43...

Page 47: ...port https IP Address 8443 or https Host Name of the appliance 8443 2 Enter the login credentials User Name root Password YAMS Note User Name and Password fields are case sensitive 3 Once you have log...

Page 48: ...les to be overwritten if you use the Next button to scroll through all of the pages If no manual changes have been made this does not cause a problem However it is recommended that you go directly to...

Page 49: ...Change Passwords After Configuration 46...

Page 50: ...inet enters a binding written contract signed by Fortinet s General Counsel with a purchaser that expressly warrants that the identified product will perform according to certain expressly identified...

Reviews:

No comments

Related manuals for FortiNac BFN320

TYAN FT77B-B7059 Service Engineer'S Manual preview
FT77B-B7059
Brand: TYAN Pages: 170
Sun Microsystems Sun Fire X2100 M2 Service Manual preview
Sun Fire X2100 M2
Brand: Sun Microsystems Pages: 128
Synology RX410 User Manual preview
RX410
Brand: Synology Pages: 24
ASROCK Rack 4U60L Series User Manual preview
4U60L Series
Brand: ASROCK Rack Pages: 51
IBM eServer xSeries 205 Type 8480 Hardware Maintenance Manual And Troubleshooting Manual preview
eServer xSeries 205 Type 8480
Brand: IBM Pages: 168
QUANTA QSSC-S99K 2U User Manual preview
QSSC-S99K 2U
Brand: QUANTA Pages: 177
IBM System x3610 User Manual preview
System x3610
Brand: IBM Pages: 90
Infotrend EonServ 7000 Series Quick Installation Manual preview
EonServ 7000 Series
Brand: Infotrend Pages: 2
Lenovo 7Y45 Setup Manual preview
7Y45
Brand: Lenovo Pages: 116
Lenovo 70F0 User Manual And Hardware Maintenance Manual preview
70F0
Brand: Lenovo Pages: 96
Lenovo 8753 Product Manual preview
8753
Brand: Lenovo Pages: 46
Lenovo 7Y54 Maintenance Manual preview
7Y54
Brand: Lenovo Pages: 138
Lenovo 8871 Product Manual preview
8871
Brand: Lenovo Pages: 56
Lenovo 8869 Product Manual preview
8869
Brand: Lenovo Pages: 64
Lenovo DU User Manual preview
DU
Brand: Lenovo Pages: 226
Lenovo BladeCenter HS22 Installation And User Manual preview
BladeCenter HS22
Brand: Lenovo Pages: 96
Lenovo BladeCenter HS23 Installation And User Manual preview
BladeCenter HS23
Brand: Lenovo Pages: 104
Lenovo 643815U Installation Manual preview
643815U
Brand: Lenovo Pages: 90

Brands by name

Popular brands

Load more brands