The FortiNAC-F Manager is designed to centralize the management of multiple Control and Application (CA) appliances, ensuring a consistent security posture across a distributed enterprise. To achieve this, the Manager allows administrators to define and distribute specific types of policies globally rather than configuring them on each individual CA.
According to the FortiNAC Manager Guide, the two primary policy types that are managed globally are:
Network Access Policies (D): These policies define the "If-Then" logic for network entry. By managing these at the global level, an administrator can ensure that a "Contractor" receives the same restricted access regardless of which branch office or campus they connect to.
Endpoint Compliance Policies (B): Global management of compliance policies—which consist of scans and configurations—allows for a unified security baseline. For example, a global policy can mandate that all Windows devices across the entire organization must have a specific antivirus version installed and active before gaining access to the production network.
While the Manager provides visibility into authentication events and can synchronize directory data, the specific Authentication (A) configurations (like local RADIUS secrets or specific LDAP server links) are often localized to the CA to account for site-specific infrastructure. Supplicant EasyConnect (C) is a feature set for onboarding, but the structural "Global Policy" engine focuses primarily on the Access and Compliance frameworks.
"The FortiNAC Manager enables Global Policy Management, allowing for the creation and distribution of policies across all managed CA appliances. This includes Network Access Policies, which control VLAN and ACL assignment, and Endpoint Compliance Policies, which define the security requirements for hosts. Centralizing these policies ensures that security standards are enforced uniformly across the global network fabric." — FortiNAC Manager Administration Guide: Global Policy Management Overview.