Home › FortiNAC Agent Release Notes

FortiNAC Agent Release Notes

File info: application/pdf · 15 pages · 940.65KB

FortiNAC

FortiNAC, 5.2.4, Agent Release Notes

FortiNAC Agent Release Notes - Amazon AWS

Included with FortiNAC version: 9.2.0 (to install in lower FortiNAC versions, see Upgrade Instructions). Download Size ... (10.15) Big Sur (11.x).

Full PDF Document

If the inline viewer fails, it will open the original document in compatibility mode automatically. You can also open the file directly.

Extracted Text

FortiNAC - Agent Release Notes
Version 5.3.0

FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/support-and-training/training.html NSE INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://fortiguard.com/ END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: techdoc@fortinet.com
October 28, 2021 FortiNAC 5.3.0 Agent Release Notes 49-521-587638-20191004

TABLE OF CONTENTS

Overview of Version 5.3.0

Supplemental Documentation

Version Information

Download Size

System Requirements

Compatibility

New Features

Enhancements/Addressed Issues

Linux Agent Features Not Yet Supported

Features No Longer Supported

Upgrade Considerations

Upgrade Instructions

Configure System Update Settings

Download Agent Software

Upgrading Agent Software

Numbering Conventions

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Overview of Version 5.3.0
Overview of Version 5.3.0

Supplemental Documentation Version Information Download Size System Requirements
Supplemental Documentation
The following can be found in Fortinet Document Library under FortiNAC Release Information: FortiNAC Known Anomalies FortiNAC Release Matrix

Version Information
These Release Notes contain additional Enhancements for this FortiNAC Agent Version. Unique numbering is used for the various components of the product. The Agent version supplied with this release is listed below. Agent Version: 5.3.0.77 Included with FortiNAC version: 9.2.0 (to install in lower FortiNAC versions, see Upgrade Instructions)

Download Size

Name

Operating System

FortiNAC Dissolvable Agent

Linux (x86_64)

FortiNAC Dissolvable Agent

Mac-OS-X

FortiNAC Dissolvable Agent

Windows

FortiNAC Mobile Agent Android

FortiNAC Mobile Agent (Store)

Android

FortiNAC Passive Agent Windows

File FortiNAC_Dissolvable_Agent.bin FortiNAC Dissolvable Agent.dmg* FortiNAC Dissolvable Agent.exe* FortiNAC Mobile Agent.apk FortiNAC Mobile Agent (Store) FortiNAC_Passive_Agent.exe*

Size 7393 KiB 6655 KiB 2957 KiB 2371 KiB 2371 KiB 2398 KiB

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Overview of Version 5.3.0

Name
FortiNAC Persistent Agent (deb)
FortiNAC Persistent Agent (dmg) FortiNAC Persistent Agent (exe) FortiNAC Persistent Agent (msi) FortiNAC Persistent Agent (rpm)

Operating System Linux (x86_64) Mac-OS-X
Windows
Windows
linux (x86_64)

File
bni-persistent-agent_5.2.6.691.amd64.deb FortiNAC Persistent Agent.dmg*
FortiNAC Persistent Agent.exe*
FortiNAC Persistent Agent.msi*
bni-persistent-agent-5.2.6.691.x86_ 64.rpm

*32 bit agent application. Will run on 32 and 64 bit systems.

System Requirements
The following are the requirements for hosts to be able to install the agent: 2.0 GHz 64-bit processor, dual core (or two virtual CPUs) 4 GB RAM 40 MB free hard disk Internet access

Size 10513 KiB 10285 KiB 5737 KiB 5621 KiB 10520 KiB

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Compatibility
Compatibility

The chart below lists the versions of FortiNAC and operating systems currently supported and tested with 5.3.0. Other FortiNAC versions and operating systems may work, but are not guaranteed.

Agent
Windows Dissolvable Agent Windows Persistent Agent macOS Dissolvable Agent* macOS Persistent Agent*

FortiNAC Version 8.8 and higher
8.8 and higher

iOS Mobile Agent

Not supported

Operating System
Windows Server 2008, 2008R2, 2012, 2012R2, 2016 Windows 7 Windows 8.1 Windows 10 Windows 11
OS X Mavericks (10.9) OS X Yosemite (10.10) OS X El Capitan (10.11) macOS Sierra (10.12) macOS High Sierra (10.13) Mojave (10.14) macOS Catalina (10.15) Big Sur (11.x) See related KB article FD42222 for details.

Linux Dissolvable Agent Linux Persistent Agent
Android Mobile Agent

8.8 and higher 8.8 and higher

Operating System: x86-64 Linux Distribution: Fedora, CentOS, RHEL, Debian, Ubuntu (not supported on 32-bit systems), SLES 11, 12, 15 *compatibility on all distributions is not guaranteed
Android 4.1 and higher

*Macs with M1 processors should run as expected as long as Rosetta is installed. Rosetta is Apple's translation layer to run x86_64 applications on Apple M1 architecture. Note this has not been tested internally.

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

New Features
Version 5.3.0
ID 0731645

Description
Added option to disable Server Discovery (SRV Lookups) in the Persistent Agent. Option enabled by default.

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Linux Agent Features Not Yet Supported
Enhancements/Addressed Issues

Fortinet Agent Packages contain all of the files required by the FortiNAC server for each agent and the latest version of each agent type, such as the Persistent Agent or the Dissolvable Agent. In some cases, agents cannot be distributed directly from FortiNAC, such as the Android Mobile Agent which must be distributed through Play Store. However, those agents do require supporting files on the FortiNAC server.
NOTE: It is recommended that you use the most recent version of the Agent, whenever possible, to take advantage of the latest features and updates to the Agent software.
NOTE: Any agent version prior to 3.1.5 is not forward compatible with a certificate signed with SHA2 RSA Encryption. If you have Persistent Agent versions 3.0 - 3.1.4 deployed, do not update to a SHA2 Certificate until the legacy agents are upgraded to a newer version.
Unless otherwise specified, enhancements apply to all types of agents. These Enhancements are in addition to the Enhancements that are outlined in previous releases. For previous versions, refer to the Release Matrix document in the Resource Center on the Fortinet web site.

Description

0731193 The securityEnabled setting is no longer considered by the Persistent Agent. As of this version, only secure agent communication will be used (regardless of securityEnabled setting).

Important: SSL certificates are required to be installed in the Persistent Agent Certificate Target. Otherwise, agent communication will fail. See Upgrade Considerations.

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Linux Agent Features Not Yet Supported
Linux Agent Features Not Yet Supported
The following items are not supported by Linux Agent version 3.4 through 5.x. Ability to Update the Persistent Agent to future versions. Ability to configure the Persistent Agent to uninstall at the specified Expiration Date. Supplicant EasyConnect. System Tray Icon for Desktop Environments (DE's) that are not XEmbed-based. For example, the system tray icon will not be displayed on DE's such as Ubuntu 14.04 with Unity DE and Kubuntu 15.04 with KDE 5.x.
The system tray icon will be displayed on DE's such as Linux Mint 17 with Cinnamon, Fedora 21 with Gnome 2 or Gnome 3, Ubuntu 14.04 with KDE 4.x, Debian 7 with Xfce 4 and Lubuntu 14.04 with LXDE (and others which are XEmbed-based.)

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Features No Longer Supported

Features No LongerSupported

ID
0731193

Description
Version 5.3: The securityEnabled setting is no longer considered by the Persistent Agent. As of this version, only secure agent communication will be used (regardless of securityEnabled setting).

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Upgrade Considerations
Upgrade Considerations

Description
Agents with Security Disabled: As of Persistent Agent version 5.3, there is no option to disable secure agent communications. Agents upgraded from previous versions to 5.3 or greater will communicate over TCP 4568 regardless of the "securityEnabled" Persistent Agent setting.
The following must be done prior to upgrading hosts to agent version 5.3: Ensure valid SSL certificates are installed in the Persistent Agent Certificate Target o Version 8.x: Navigate to System > Settings > Security > Certificate Management o Version 9.x: Navigate to Security Configuration > Certificate Management Packet Transport Configurations must have TCP 4568 listed o Version 8.x: Navigate to System > Settings > Persistent Agent > Transport Configuration o Version 9.x: Navigate to Security Configuration > Agent Settings > Transport Configuration
Agents Communicating with SSLv3: FortiNAC versions 6.2.6, 7.0.3, 7.1.0, and 7.2.0 use SSLv3 to communicate with 3.x agents earlier than version 3.3. When you have replaced all of your 3.2.x, 3.1.x and 3.0.x agents with the 3.3 agent (or higher), FortiNAC 6.2.6, 7.0.3 and 7.1.1 can be configured to disable SSLv3 agent communications - thus completely removing the vulnerability for "POODLE" (CVE-2014-3566.) Contact Product Support for details and assistance.
AV/AS Definitions: Using the "Cert-Check" and "Service" Custom Scans that are new in the 7.3.0 release of FortiNAC requires the use of AV/AS Definitions published June 22, 2015 or greater, Agent 3.5.0 or greater and FortiNAC 7.3 or greater.
Endpoint Compliance: Added Legacy Dissolvable and Legacy Persistent Agent options in Endpoint Compliance Configurations. These options allow you to deploy the latest agent that does not require certificates. Agents that do not require certificates are the 2.X Persistent and Dissolvable Agents and the 3.0.X Dissolvable Agent. If you choose Latest Agent, the Agent on your server with the highest version number is deployed. This could be an agent that requires a certificate. On upgrade the Persistent or Dissolvable Agent options that were set to Latest Agent will now be set to Legacy Agent.
Operating System Case: Agent V3.0 and higher requires Mac OS X 10.6 or higher.
Persistent Agent Case: Changed VMs running on LINUX hosts to show as new rogues. Previously, the VM would be appended to the host's adapters as a Virtual-Guestadapter.

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Upgrade Instructions
Upgrade Instructions

This procedure describes how to download the agent package to your FortiNAC server for distribution.
Configure System Update Settings Download Agent Software Upgrading Agent Software

Configure System Update Settings

1. In the FortiNAC Administrative UI, navigate to System > Settings > Updates > System. 2. Update the appropriate fields to configure connection settings for the download server.

Field

Definition

Host*

Set to updates.bradfordnetworks.com

Auto-Definition Directory

Enter a dot (.) This field is not used for the Agent download in this version.

Agent Distribution Directory:

Specify: ./Agent_5 (dot slash Agent_5)

User

Set to updates (in lowercase)

Password

Keep the current value

Confirm password Protocol

Keep the current value Set to desired protocol (FTP, PFTP, HTTP, HTTPS)1

3. When the download settings have been entered, click Save Settings

Download Agent Software
1. From the tree on the left select Updates > Agent Packages. 2. Scroll to the bottom of the page and click the Download button to display a list of available
agent packages. 3. Click the Download button next to an agent package to initiate the download. A progress page is
displayed until the download is complete.

1downloads.bradfordnetworks.com will no longer be used as of January 31st, 2018. With the change in server locations, SFTP will no longer be supported for downloads.

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Upgrade Instructions
Upgrading Agent Software
It is recommended to upgrade the agent using the same method as deployment.
Software Management System or Group Policy Download the agent package from FortiNAC. For instructions, see section Download the Persistent Agent for custom distribution in the appropriate Administration Guide: Version 8.8 Version 9.2 When using Group Policies, add the new agent package and list it as an upgrade to the previous versions. Ensure any previous package referenced by the GPO remains in place until all hosts have successfully moved off that version. For assistance, consult vendor documentation.
FortiNAC Captive Portal For Persistent Agents distributed via the Captive Portal, see section Upgrade the Persistent Agent of the appropriate Administration Guide for agent upgrade instructions. Version 8.8 Version 9.2

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Numbering Conventions
Numbering Conventions
Fortinet uses the following version number format: <First Number>.<Second Number>.<Third Number>.<Fourth Number> Example: 8.0.6.15 First Number = majorversion Second Number = minor version Third Number = maintenance version Fourth Number = build number (internal tracking use only) Release Notes pertain to a certain version of the product. Release Notes are revised as needed. The Rev letter increments accordingly. For example, updating the Release Notes from Rev C to Rev D indicates changes in the Release notes only -- no changes were made to the product. The next number represents the version in which a Known Anomaly was added to the release notes (for example, V8.0).

FortiNAC 5.3.0 Agent Release Notes

Fortinet Technologies Inc.

Copyright� 2020 Fortinet, Inc. All rights reserved. Fortinet�, FortiGate�, FortiCare� and FortiGuard�, and certain other marks are registered trademarks of Fortinet, Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. In no event does Fortinet make any commitment related to future deliverables, features or development, and circumstances may change such that any forward-looking statements herein are not accurate. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.