FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Staff
Article Id 194426
Description
Upgrading from a pre-8 version to 8.x could break communication with agents running version 3.0 through 3.2.  Hosts that have security disabled are not affected.

In newer agent versions 3.3 and greater, the communication protocol was changed from SSLv3 to TLS to address the POODLE vulnerability (CVE-2014-3566).  As of 8.0.0, SSLv3 has been disabled completely.


Secure Agent Communication Compatibility Summary
NAC 7.x: Compatible with all 3.x agents
NAC 8.x: Compatible with 3.3.x (and above) agents

Scope
Version:  8.x and Agent 3.0, 3.1, and 3.2 (with security enabled)
Solution
Workaround:  Re-enable SSLv3 until agents are upgraded.
1.  Navigate to Settings > Persistent Agent > Transport Configuration
2.  Under TLS Service Configuration panel, SSLv3 can be added in the TLS Protocols field.



Contributors