FortiNAC Quarantine action

Users can configure an automation stitch with the FortiNAC Quarantine action with a Compromised Host or Incoming Webhook trigger. When the automation is triggered, the client PC will be quarantined and its MAC address is disabled in the configured FortiNAC.

In this example, the FortiNAC has been configured to join an enabled Security Fabric. See FortiNAC for more information.

The FortiNAC must also be configured to isolate disabled hosts:

To configure an automation stitch with a FortiNAC quarantine action in the GUI:
  1. Create a new API user and generate the API key:
    1. Go to System > Administrators and click Create New > REST API Admin.
    2. Configure the settings as needed.
    3. Click OK. The New API key window opens.
    4. Copy the key to the clipboard and click Close.

    5. Click OK.
  2. Configure the automation stitch trigger:
    1. Go to Security Fabric > Automation and click Create New.
    2. Enter the stitch name (auto_webhook).
    3. Click Add Trigger.
    4. Click Create and select Incoming Webhook.
    5. Enter a name (auto_webhook).
    6. Click OK.
    7. Paste the key in the API admin key field.

    8. Click OK.
    9. Select the trigger in the list and click Apply.</