Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Node archiving

    Node archiving

    FortiDLP provides automatic and manual archiving functionality to exclude managed nodes from the FortiDLP Console, so operators can focus only on those that are relevant.

    • Auto-archiving allows you to automatically hide inactive and duplicate managed nodes from the FortiDLP Console. An inactive node is one that is offline for a configurable period of time, and a duplicate node is one that results from the Agent being re-enrolled on a device. For details on this functionality, see Creating Agent configuration groups.
    • Manual archiving allows you to manually exclude/include managed nodes from the FortiDLP Console via the Nodes module for any reason. This functionality is described in Manually archiving and unarchiving nodes.
      • Example

      For example, you may want to manually archive a node that has been decommissioned, or you may want to unarchive a node used by an employee who took a long leave of absence.

    When a node is archived, by default, it will not display on the Nodes module. However, for auditing purposes, you can still search for an archived node's events, which can be used for searches, investigations, and reports. The operator/setting responsible for archiving a node, as well as the archive reason is also recorded.

    If needed, you can manually unarchive a node, which will expose it in all parts of the FortiDLP Console again. An archived node will be automatically unarchived if the Agent communicates with the FortiDLP Infrastructure again (see the following table).

    Node states

    When using archiving functionality, it is important to note that a managed node will have one of four states when viewed from the Nodes.

    Node states
    State Description
    Active The managed node has an active Agent heartbeat.
    Archived

    The managed node has been manually or automatically archived.

    A node in this state can revert to an Active state upon the Agent sending a heartbeat to the FortiDLP Infrastructure.
    Always active

    The managed node has been manually unarchived.

    A node will remain in this state unless it is manually archived, at which point, it can take on an Active state again (upon the Agent sending a heartbeat to the FortiDLP Infrastructure).
    Always archived

    The managed node has been manually set to be always archived via the FortiDLP API.

    A node will remain in this state unless it is manually changed using the FortiDLP Console or API.
    Note

    Node and user states are independent of each other. For information on the different states a user can be set to, see User archiving and deleting.
    Previous
    Next

    Node archiving

    Node archiving

    FortiDLP provides automatic and manual archiving functionality to exclude managed nodes from the FortiDLP Console, so operators can focus only on those that are relevant.

    • Auto-archiving allows you to automatically hide inactive and duplicate managed nodes from the FortiDLP Console. An inactive node is one that is offline for a configurable period of time, and a duplicate node is one that results from the Agent being re-enrolled on a device. For details on this functionality, see Creating Agent configuration groups.
    • Manual archiving allows you to manually exclude/include managed nodes from the FortiDLP Console via the Nodes module for any reason. This functionality is described in Manually archiving and unarchiving nodes.
      • Example

      For example, you may want to manually archive a node that has been decommissioned, or you may want to unarchive a node used by an employee who took a long leave of absence.

    When a node is archived, by default, it will not display on the Nodes module. However, for auditing purposes, you can still search for an archived node's events, which can be used for searches, investigations, and reports. The operator/setting responsible for archiving a node, as well as the archive reason is also recorded.

    If needed, you can manually unarchive a node, which will expose it in all parts of the FortiDLP Console again. An archived node will be automatically unarchived if the Agent communicates with the FortiDLP Infrastructure again (see the following table).

    Node states

    When using archiving functionality, it is important to note that a managed node will have one of four states when viewed from the Nodes.

    Node states
    State Description
    Active The managed node has an active Agent heartbeat.
    Archived

    The managed node has been manually or automatically archived.

    A node in this state can revert to an Active state upon the Agent sending a heartbeat to the FortiDLP Infrastructure.
    Always active

    The managed node has been manually unarchived.

    A node will remain in this state unless it is manually archived, at which point, it can take on an Active state again (upon the Agent sending a heartbeat to the FortiDLP Infrastructure).
    Always archived

    The managed node has been manually set to be always archived via the FortiDLP API.

    A node will remain in this state unless it is manually changed using the FortiDLP Console or API.
    Note

    Node and user states are independent of each other. For information on the different states a user can be set to, see User archiving and deleting.
    Previous
    Next