Category Archives: Forti-Products

Ruckus ICX integration with Fortinac

This entry shows how I have been setting up ICX switches with Fortinac.

In this scenario my Fortinac is located at 192.168.226.248, the switch is 192.168.226.53, and my SNMP community is “snmp”. I know very secure. The switch I am working with is a Ruckus 7250 running SPR08092a.bin

These are the settings that I am putting into my switch:

logging host 192.168.226.248
snmp-server host 192.168.226.248 version v2c snmp

snmp-server enable traps mac-notification
snmp-server enable traps link-up
snmp-server enable traps link-down

On the NAC we have to add the switch, and make sure we have a CLI user account, and SNMP creds that work. We can test this within NAC to make sure things are up and going.

1

After we add the device, we can validate the settings

validate

After the device has been added you should see your interfaces/devices/status all show up.

 

 

FortiNAC – Finding the UUID and MAC to license device

When you setup Fortinac you have to license it, and Fortinet asks you what the MAC and UUID of the device are when registering the license. You can get this information by SSH’ing into the NAC and running the following commands:

 sysinfo -v | grep -i UU   — This will bring back the UUID

and to get the mac – run  ifconfig eth0

Copy those two settings into the registration of the license, and you can then get the license key.

Fortiauthenticator: Troubleshooting with tcpdump

Had a strange issue the other day with a FAC, where it would not send emails to users with their assigned tokens, but would send emails just fine any other time. I wanted to capture all outgoing traffic to see if SMTP messages were really being sent.

Fortiauth has Tcpdump built in, and is very easy to run.

First SSH into the FAC, from there you have some execute options. Below shows the tcpdump options:

exe tcpdump?
tcpdump Examine local network traffic.
tcpdumpfile Same as tcpdump, but write output to a file downloadable via GUI.
exe tcpdump

If you run ‘exe tcpdump’ it will spit all the traffic to the screen, but if you run ‘exe tcpdumpfile’ it will log the output to a .pcap that is downloadable from the GUI. This gives you the option to open it in Wireshark and analyze.

nac-1

To download the .pcap open your Fortiauth append /debug to the web address for example: https://10.110.2.60/debug. From here you will be prompted with what you want to debug, and at the bottom is the option to open the “CLI Packet Capture” this gives you the option to download the pcap.

nac-2

Thats it! Thank you Fortinet.