FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
lfrancelj
Staff
Article Id 198675
Description
This article describes how to manually install and configure 'Persistent Agent', provided by the FortiNAC, on Linux.

Useful link.

Fortinet Documentation.

https://docs.fortinet.com/document/fortinac/8.7.0/administration-guide/923061/persistent-agent-on-li...

Scope


Solution
1) Download the 'Persistent Agent' installer from FortiNAC by going to System -> Settings -> Updates -> Agent Packages and selecting the installation file that matches the OS ('.deb' is for Debian/Ubuntu-based distributions and '.rpm' is for RedHat/CentOS-based distributions).





Note.

The version of the 'Persistent Agent' package can be different in this case.

2) Copy the downloaded installation package to the Linux workstation or server.
Use any SFTP (file transfer over SSH) client to transfer the file to the Linux system.

3) Once the installation file has been copied to the Linux workstation or server, install it by running the command for the distribution in use.

Debian/Ubuntu.

Run the following command as root:
dpkg -i /path/to/fortinac-persistent-agent_<version>.amd64.deb
Run the following command if installing as a different user:
sudo dpkg -i /path/to/fortinac-persistent-agent_<version>.amd64.deb

RedHat/CentOS.

Run the following command as root:
yum localinstall /path/to/fortinac-persistent-agent-<version>.x86_64.rpm
Run the following command if installing as a different user:
sudo yum localinstall /path/to/fortinac-persistent-agent-<version>.x86_64.rpm

4) To configure the destination server for 'Persistent Agent', change the settings in the configuration file PersistentAgent.conf, which is located in '/etc/xdg/com.bradfordnetworks'.

For example:
cat /etc/xdg/com.bradfordnetworks/PersistentAgent.conf
[General]
allowedCiphers="ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,RC4-SHA,RC4-MD5,PSK-3DES-EDE-CBC-SHA"
caTrustDepth=4
caFile=/etc/ssl/certs/ca-bundle.crt
selfSignedAllowed=true
securityEnabled=true
restrictRoaming=false
homeServer=
allowedServers=
maxConnectInterval=960
macPollInterval=5
showDisconnectedIcon=false
showDisconnectedMsg=false
disconnectedMsg="Your network access may be restricted.  Persistent Agent is disconnected from Network Sentry."
ShowIcon=1
5) Change the 'homeServer' value to the FortiNAC IP address or FQDN hostname (fortinac.forti.lab in this case), save the changes to the configuration file and run 'systemctl restart bndaemon.service' to restart the 'Persistent Agent' service.

Example:

homeServer=fortinac.test.lab

6) Disable the secure connection by setting the value of 'securityEnabled=' to "false".

Example (default):

securityEnabled=true

7) Monitor the output in the Persistent Agent log file saved in “/var/log/bndaemon”.

8) Confirm in the logs that 'Persistent Agent' successfully established a secure connection, shown by messages like the following:
2020-04-28 13:52:28 UTC :: Detected Server Version: 8.6.3.1206
2020-04-28 13:52:28 UTC :: Received,req=3127,resp=2,Acknowledge,fortinac.forti.lab
2020-04-28 13:52:28 UTC :: Processed,req=3127,resp=2,Acknowledge,fortinac.forti.lab
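
The settings edited in steps 4 to 6 can be checked after deployment with a short script. The following is an added example, not part of the original article or of FortiNAC: the function name, the sample file and the weak-cipher list are constructed here, and the meaning given to 'selfSignedAllowed' is an assumption based on its name.

```python
import configparser

# Name fragments of algorithms widely considered weak (RC4, 3DES, MD5).
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "MD5")

# Constructed sample based on the PersistentAgent.conf shown in step 4,
# with securityEnabled set to false as in step 6 and homeServer left empty.
SAMPLE_CONF = """\
[General]
allowedCiphers="ECDHE-RSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-SHA,RC4-SHA,RC4-MD5,PSK-3DES-EDE-CBC-SHA"
caTrustDepth=4
caFile=/etc/ssl/certs/ca-bundle.crt
selfSignedAllowed=true
securityEnabled=false
homeServer=
allowedServers=
"""


def audit_agent_conf(text):
    """Return a list of (key, finding) tuples for a PersistentAgent.conf body."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep key case exactly as written in the file
    parser.read_string(text)
    general = parser["General"] if parser.has_section("General") else {}
    findings = []

    # A missing key is reported the same way as an explicit "false".
    if general.get("securityEnabled", "").strip().lower() != "true":
        findings.append(("securityEnabled", "secure connection is not enabled"))
    # Assumption: selfSignedAllowed=true lets the agent accept self-signed certificates.
    if general.get("selfSignedAllowed", "").strip().lower() == "true":
        findings.append(("selfSignedAllowed", "self-signed certificates accepted"))
    if not general.get("homeServer", "").strip():
        findings.append(("homeServer", "no FortiNAC server configured"))
    if not general.get("caFile", "").strip():
        findings.append(("caFile", "no CA file configured"))

    ciphers = general.get("allowedCiphers", "").strip().strip('"').split(",")
    for cipher in filter(None, (c.strip() for c in ciphers)):
        if any(marker in cipher.upper() for marker in WEAK_CIPHER_MARKERS):
            findings.append(("allowedCiphers", "weak cipher: " + cipher))
    return findings


if __name__ == "__main__":
    for key, finding in audit_agent_conf(SAMPLE_CONF):
        print(f"{key}: {finding}")
```

To audit a real host, pass the contents of /etc/xdg/com.bradfordnetworks/PersistentAgent.conf to audit_agent_conf() instead of the sample.
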
Troubleshooting.

1) If SSL certificate errors appear in the /var/log/bndaemon log file, make sure that the certificate configured on FortiNAC for 'Persistent Agent' communication is uploaded to the Linux system and configured in “PersistentAgent.conf” under the “caFile” value.

Verify which certificate is used by FortiNAC under System -> Settings -> Security -> Certificate Management.




2) Verify the status of the 'Persistent Agent' service with the command below:
systemctl status bndaemon.service

Example output showing that the service is running properly:
bndaemon.service - LSB: FortiNAC Persistent Agent
Loaded: loaded (/etc/init.d/bndaemon; generated)
Active: active (running) since Tue 2020-04-28 16:02:21 CEST; 6s ago
Docs: man:systemd-sysv-generator(8)
Process: 12382 ExecStart=/etc/init.d/bndaemon start (code=exited, status=0/SUCCESS)
Tasks: 13 (limit: 1059)
Memory: 3.8M
CGroup: /system.slice/bndaemon.service
└─12392 /opt/com.bradfordnetworks/PersistentAgent/bndaemon -d -p /var/run/bndaemon.pid -l /var/log/bndaemon
