Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDevice Administration Guide

    Home FortiDevice 25.1.b FortiDevice Administration Guide
    25.1.b
    25.1.b
    25.1.a

    Adding a scan

    Adding a scan

    Running a scan finds, identifies, and builds an inventory of all the connected devices and assets on your internal network. The inventory helps you to keep track of exactly what is on your network and verifies that no unknown devices are connected.

    This section covers the following topics:

    Configuring a scan

    You configure a scan by selecting the site, detector, scope, start time, and other parameters. You can configure a standard, Cloud, or FortiClient EMS scan.

    Note

    To run a scan against a specific site, FortiDevice Detector must be installed and active and either assigned to that site or configured for all sites.

    FortiDevice uses the browserʼs default time zone when scheduling and running scans. To change the time zone, refer to Checking the settings.

    The following table shows the differences among the scan rates, including the initial round-trip time (RTT) timeout and maximum RTT timeout.

    Scan Rate

    Time between scans

    Initial RTT timeout

    Maximum RTT timeout

    Cautious

    5 minutes

    5 minutes

    5 minutes

    Moderate

    15 seconds

    15 seconds

    15 seconds

    Steady

    0.4 seconds

    0.4 seconds

    0.4 seconds

    Standard

    Fast

    10 milliseconds

    500 milliseconds

    1,250 milliseconds

    Faster

    5 milliseconds

    250 milliseconds

    300 milliseconds
    To choose a scan rate:

    • Use the Cautious or Moderate scan rate when you need to evade Intrusion Detection Systems.

    • Use the Steady scan rate when you need to conserve bandwidth.

    • No parameters are set for the Standard scan rate. This setting is suitable for most environments.

    • Use the Fast scan rate for reliable and fast networks.

    • Use the Faster scan rate for very fast networks or when the priority is speed rather than accuracy. It might trigger alarms on target systems.

    To configure a standard scan:

    1. Go to Scans.

    2. Click ADD SCAN.

    3. In the Scan Name field, enter a name of the scan to run.

    4. If you selected All Organizations in the Organization dropdown list at the top of the GUI, you can select which organization the scan will belong to.

    5. In the Scan Type dropdown list, select Standard.

      This setting is the default.

    6. In the Site dropdown list, select the name of the site where you want to save the scan results to.

    7. Click in the Detector field to select the name of the detector to use for the scan.

    8. In the Scan Scope field, enter the IPv4 addresses, CIDR address, IP address ranges, or domain names to scan. You can use an asterisk as a wild card for the last octet, for example, 172.17.3.*.

    9. In the Scan Exclusions field, enter the IPv4 addresses, CIDR address, IP address ranges, or domain names that will not be scanned. You can use an asterisk as a wild card for the last octet, for example, 172.17.3.*.

    10. Under Settings, make the following changes:

      1. In the Scan Rate/Network Load dropdown list, select Cautious, Moderate, Steady, Standard (Default), Fast, Faster, or Custom. If you select Custom, select the number of packets per second.

      2. In the Vulnerability Scan Level dropdown list, select Full, Partial, or None:

        • Full—FortiDevice performs vulnerability scanning with all the policies in the vulnerability library. This level is more thorough but slower.
        • Partial—FortiDevice performs vulnerability scanning with some of the policies in the vulnerability library. FortiDevice scans the asset first to detect which services are enabled and then performs vulnerability scanning based on the services on the asset. This level is less thorough but quicker.
        • None—FortiDevice does not perform any vulnerability scanning.

      3. If you want to limit which ports are used for scanning, select the Specify Scan Ports checkbox and enter the port number in the field.

      4. Select the Scan with a FortiDeceptor checkbox if you are using FortiDeceptor.

      5. In the Connector dropdown list, select which connector to use.

      6. Select the Skip Decoy VMs checkbox if you do not want to scan decoy VMs.

      7. Select the Use Detector Proxy checkbox if you want to use a Detector proxy.

      8. If you want to include the asset owner in the scan, select the Specify owner for the scanned assets checkbox, click in the field, and select one of the checkboxes.

      9. In the Notes field, enter an optional description of the scan.

      10. In the Run scan dropdown list, select whether to run the scan Once, Hourly, Every N Hours, Daily, Weekly, or Monthly. If you select Every N Hours, enter the number of hours and minutes.

      11. In the Start Time field, click the calendar icon and select the date and time to start the scan or enter the date and time when the scan will run.

      12. Select the number of hours to wait before starting the scan if the FortiDevice Detector is busy.

      13. In the Scan Timeout dropdown lists, select how many hours and minutes must pass before the scan is canceled.

      14. Select how vCenter/ESXi VMs are processed.

        • Select Only show VMs in the hypervisor asset details if you want all VMs to be merged in the authentication scan report.

        • Select Show VMs with IP addresses as separate assets in the asset inventory and in the hypervisor asset details if you want the VMs to be reported as standalone assets in the authentication scan report.

    11. Under Credentials, make the following changes:

      1. In the Available Credentials box, select the credentials to use to log in to a system that requires authentication.

      2. Use the right arrow key to move the selected credentials from the Available Credentials box to the Selected Credentials box.

      3. Click Test Credentials to test the selected credentials and then click TEST in the Test Credentials? dialog box.

        The results are reported under the Test Results tab.

      4. Click the Edit Credentials icon () to make any changes.

    12. Click SAVE.

    To configure a Cloud scan:

    1. Go to Scans.

    2. Click ADD SCAN.

    3. In the Scan Name field, enter a name of the scan to run.

    4. If you selected All Organizations in the Organization dropdown list at the top of the GUI, you can select which organization the scan will belong to.

    5. In the Scan Type dropdown list, select Cloud.

    6. In the Site dropdown list, select the name of the site where you want to save the scan results to.

    7. In the Connector dropdown list, select which connector to use.

    8. In the Notes field, enter an optional description of the scan.

    9. Under Settings, make the following changes:

      1. In the Run scan dropdown list, select whether to run the scan Once, Hourly, Every N Hours, Daily, Weekly, or Monthly. If you select Every N Hours, enter the number of hours and minutes.

      2. In the Start Time field, click the calendar icon and select the date and time to start the scan or enter the date and time when the scan will run.

      3. Select the number of hours to wait before starting the scan if the FortiDevice Detector is busy.

      4. In the Scan Timeout dropdown lists, select how many hours and minutes must pass before the scan is canceled.

      5. If you want to include the asset owner in the scan, select the Specify owner for the scanned assets checkbox, click in the field, and select one of the checkboxes.

    10. Click SAVE.

    To configure a FortiClient EMS scan:

    1. Go to Scans.

    2. Click ADD SCAN.

    3. In the Scan Name field, enter a name of the scan to run.

    4. If you selected All Organizations in the Organization dropdown list at the top of the GUI, you can select which organization the scan will belong to.

    5. In the Scan Type dropdown list, select FortiClient EMS.

    6. In the Site dropdown list, select the name of the site where you want to save the scan results to.

    7. Click in the Detector field to select the name of the detector to use for the scan.

    8. In the Connector dropdown list, select which connector to use.

    9. Select the Use Detector Proxy checkbox if you want to use a Detector proxy.

    10. In the Notes field, enter an optional description of the scan.

    11. Under Settings, make the following changes:

      1. In the Run scan dropdown list, select whether to run the scan Once, Hourly, Every N Hours, Daily, Weekly, or Monthly. If you select Every N Hours, enter the number of hours and minutes.

      2. In the Start Time field, click the calendar icon and select the date and time to start the scan or enter the date and time when the scan will run.

      3. Select the number of hours to wait before starting the scan if the FortiDevice Detector is busy.

      4. In the Scan Timeout dropdown lists, select how many hours and minutes must pass before the scan is canceled.

      5. If you want to include the asset owner in the scan, select the Specify owner for the scanned assets checkbox, click in the field, and select one of the checkboxes.

    12. Click SAVE.

    Viewing the scanʼs status

    After you configure a scan, you can see its status and configuration details by going to Scans.

    When a scan finishes, the results are recorded and reported in the following pages:

    Viewing the scanʼs details

    From the Scans page, you can click on the name of a scan to see more details, including the scan history with asset changes.

    Previous
    Next

    Adding a scan

    Adding a scan

    Running a scan finds, identifies, and builds an inventory of all the connected devices and assets on your internal network. The inventory helps you to keep track of exactly what is on your network and verifies that no unknown devices are connected.

    This section covers the following topics:

    Configuring a scan

    You configure a scan by selecting the site, detector, scope, start time, and other parameters. You can configure a standard, Cloud, or FortiClient EMS scan.

    Note

    To run a scan against a specific site, FortiDevice Detector must be installed and active and either assigned to that site or configured for all sites.

    FortiDevice uses the browserʼs default time zone when scheduling and running scans. To change the time zone, refer to Checking the settings.

    The following table shows the differences among the scan rates, including the initial round-trip time (RTT) timeout and maximum RTT timeout.

    Scan Rate

    Time between scans

    Initial RTT timeout

    Maximum RTT timeout

    Cautious

    5 minutes

    5 minutes

    5 minutes

    Moderate

    15 seconds

    15 seconds

    15 seconds

    Steady

    0.4 seconds

    0.4 seconds

    0.4 seconds

    Standard

    Fast

    10 milliseconds

    500 milliseconds

    1,250 milliseconds

    Faster

    5 milliseconds

    250 milliseconds

    300 milliseconds
    To choose a scan rate:

    • Use the Cautious or Moderate scan rate when you need to evade Intrusion Detection Systems.

    • Use the Steady scan rate when you need to conserve bandwidth.

    • No parameters are set for the Standard scan rate. This setting is suitable for most environments.

    • Use the Fast scan rate for reliable and fast networks.

    • Use the Faster scan rate for very fast networks or when the priority is speed rather than accuracy. It might trigger alarms on target systems.

    To configure a standard scan:

    1. Go to Scans.

    2. Click ADD SCAN.

    3. In the Scan Name field, enter a name of the scan to run.

    4. If you selected All Organizations in the Organization dropdown list at the top of the GUI, you can select which organization the scan will belong to.

    5. In the Scan Type dropdown list, select Standard.

      This setting is the default.

    6. In the Site dropdown list, select the name of the site where you want to save the scan results to.

    7. Click in the Detector field to select the name of the detector to use for the scan.

    8. In the Scan Scope field, enter the IPv4 addresses, CIDR address, IP address ranges, or domain names to scan. You can use an asterisk as a wild card for the last octet, for example, 172.17.3.*.

    9. In the Scan Exclusions field, enter the IPv4 addresses, CIDR address, IP address ranges, or domain names that will not be scanned. You can use an asterisk as a wild card for the last octet, for example, 172.17.3.*.

    10. Under Settings, make the following changes:

      1. In the Scan Rate/Network Load dropdown list, select Cautious, Moderate, Steady, Standard (Default), Fast, Faster, or Custom. If you select Custom, select the number of packets per second.

      2. In the Vulnerability Scan Level dropdown list, select Full, Partial, or None:

        • Full—FortiDevice performs vulnerability scanning with all the policies in the vulnerability library. This level is more thorough but slower.
        • Partial—FortiDevice performs vulnerability scanning with some of the policies in the vulnerability library. FortiDevice scans the asset first to detect which services are enabled and then performs vulnerability scanning based on the services on the asset. This level is less thorough but quicker.
        • None—FortiDevice does not perform any vulnerability scanning.

      3. If you want to limit which ports are used for scanning, select the Specify Scan Ports checkbox and enter the port number in the field.

      4. Select the Scan with a FortiDeceptor checkbox if you are using FortiDeceptor.

      5. In the Connector dropdown list, select which connector to use.

      6. Select the Skip Decoy VMs checkbox if you do not want to scan decoy VMs.

      7. Select the Use Detector Proxy checkbox if you want to use a Detector proxy.

      8. If you want to include the asset owner in the scan, select the Specify owner for the scanned assets checkbox, click in the field, and select one of the checkboxes.

      9. In the Notes field, enter an optional description of the scan.

      10. In the Run scan dropdown list, select whether to run the scan Once, Hourly, Every N Hours, Daily, Weekly, or Monthly. If you select Every N Hours, enter the number of hours and minutes.

      11. In the Start Time field, click the calendar icon and select the date and time to start the scan or enter the date and time when the scan will run.

      12. Select the number of hours to wait before starting the scan if the FortiDevice Detector is busy.

      13. In the Scan Timeout dropdown lists, select how many hours and minutes must pass before the scan is canceled.

      14. Select how vCenter/ESXi VMs are processed.

        • Select Only show VMs in the hypervisor asset details if you want all VMs to be merged in the authentication scan report.

        • Select Show VMs with IP addresses as separate assets in the asset inventory and in the hypervisor asset details if you want the VMs to be reported as standalone assets in the authentication scan report.

    11. Under Credentials, make the following changes:

      1. In the Available Credentials box, select the credentials to use to log in to a system that requires authentication.

      2. Use the right arrow key to move the selected credentials from the Available Credentials box to the Selected Credentials box.

      3. Click Test Credentials to test the selected credentials and then click TEST in the Test Credentials? dialog box.

        The results are reported under the Test Results tab.

      4. Click the Edit Credentials icon () to make any changes.

    12. Click SAVE.

    To configure a Cloud scan:

    1. Go to Scans.

    2. Click ADD SCAN.

    3. In the Scan Name field, enter a name of the scan to run.

    4. If you selected All Organizations in the Organization dropdown list at the top of the GUI, you can select which organization the scan will belong to.

    5. In the Scan Type dropdown list, select Cloud.

    6. In the Site dropdown list, select the name of the site where you want to save the scan results to.

    7. In the Connector dropdown list, select which connector to use.

    8. In the Notes field, enter an optional description of the scan.

    9. Under Settings, make the following changes:

      1. In the Run scan dropdown list, select whether to run the scan Once, Hourly, Every N Hours, Daily, Weekly, or Monthly. If you select Every N Hours, enter the number of hours and minutes.

      2. In the Start Time field, click the calendar icon and select the date and time to start the scan or enter the date and time when the scan will run.

      3. Select the number of hours to wait before starting the scan if the FortiDevice Detector is busy.

      4. In the Scan Timeout dropdown lists, select how many hours and minutes must pass before the scan is canceled.

      5. If you want to include the asset owner in the scan, select the Specify owner for the scanned assets checkbox, click in the field, and select one of the checkboxes.

    10. Click SAVE.

    To configure a FortiClient EMS scan:

    1. Go to Scans.

    2. Click ADD SCAN.

    3. In the Scan Name field, enter a name of the scan to run.

    4. If you selected All Organizations in the Organization dropdown list at the top of the GUI, you can select which organization the scan will belong to.

    5. In the Scan Type dropdown list, select FortiClient EMS.

    6. In the Site dropdown list, select the name of the site where you want to save the scan results to.

    7. Click in the Detector field to select the name of the detector to use for the scan.

    8. In the Connector dropdown list, select which connector to use.

    9. Select the Use Detector Proxy checkbox if you want to use a Detector proxy.

    10. In the Notes field, enter an optional description of the scan.

    11. Under Settings, make the following changes:

      1. In the Run scan dropdown list, select whether to run the scan Once, Hourly, Every N Hours, Daily, Weekly, or Monthly. If you select Every N Hours, enter the number of hours and minutes.

      2. In the Start Time field, click the calendar icon and select the date and time to start the scan or enter the date and time when the scan will run.

      3. Select the number of hours to wait before starting the scan if the FortiDevice Detector is busy.

      4. In the Scan Timeout dropdown lists, select how many hours and minutes must pass before the scan is canceled.

      5. If you want to include the asset owner in the scan, select the Specify owner for the scanned assets checkbox, click in the field, and select one of the checkboxes.

    12. Click SAVE.

    Viewing the scanʼs status

    After you configure a scan, you can see its status and configuration details by going to Scans.

    When a scan finishes, the results are recorded and reported in the following pages:

    Viewing the scanʼs details

    From the Scans page, you can click on the name of a scan to see more details, including the scan history with asset changes.

    Previous
    Next