
Administration Guide

7.2.0

Device profiler

Controls creation of rogue hosts from DHCP packets heard on the network.

Field

Definition

Create Rogues from DHCP packets

When enabled, rogues will be created from information learned from DHCP packets heard on the network. It helps to quickly learn about hosts communicating on the network, but in some network environments it can add a large number of rogue hosts from unmanaged areas of the network.

Default = true

Note

FortiNAC-OS Requirement: "set allowaccess" command option "dhcp". See Open ports for details.

Perform Active (NMAP) profiling without ICMP ping

When enabled, Active NMAP scans will not perform an ICMP ping of the host prior to initiating the NMAP scan. This allows NMAP scanning to work on networks where ICMP is blocked. This is disabled by default because scanning a large number of uncontactable hosts could be a considerable performance drain.

Default = false

FortiGuard IoT Query URL

The URL for the API to which FortiNAC must connect to query IoT data from the FortiGuard IoT service. This information is used when profiling IoT devices using the Device Profiler method "FortiGuard". For a list of possible servers, click the "?" button next to the option.

Enable FortiGuard IoT Collect Service

When enabled, FortiNAC sends DHCP fingerprint information collected from IoT devices on the network to the FortiGuard IoT service. This improves the query results when profiling devices using the "FortiGuard" Device Profiler method.

FortiGuard Collect URL

The URL for the API to which FortiNAC must connect to send IoT data. For a list of possible servers, click the "?" button next to the option. The possible servers are:

Anycast:

globaldevcollect.fortinet.net

usdevcollect.fortinet.net

eudevcollect.fortinet.net

AWS:

globaldevcollect2.fortinet.net

usdevcollect2.fortinet.net

eudevcollect2.fortinet.net

Note: Users can input the URL based on their region. For example, users from the European Union can use the URL with eu.

Proactive "Active" method profiling

Enable this to automatically create active endpoint (NMAP) fingerprints. The user doesn't need to create a device profiling rule to identify devices.

Proactive "Fortiguard" method profiling

Enable this to automatically create FortiGuard fingerprints. The user doesn't need to create a device profiling rule to identify devices.

  1. Click System > Settings.
  2. Expand the User/Host Management folder.
  3. Select Device Profiler from the tree.
  4. Use the check boxes to enable or disable the desired functions.
  5. Enter the desired URL for the FortiGuard IoT service into the field. For a list of options, click the "?" button next to the field.
  6. Click Save Settings.
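
Added example (not part of the Fortinet guide and not FortiNAC code): a minimal parser for the host-identifying fields a DHCP packet exposes, namely client MAC, hostname, vendor class, and the option 55 parameter request list that is commonly used as a DHCP fingerprint. It illustrates the kind of data the "Create Rogues from DHCP packets" and "Enable FortiGuard IoT Collect Service" settings act on. Which fields FortiNAC itself records or sends is not stated on this page and is an assumption here; the sample packet is constructed.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie (RFC 2131)

def parse_dhcp(payload: bytes) -> dict:
    """Extract host-identifying fields from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("bad hardware address length")
    info = {"mac": payload[28:28 + hlen].hex(":"), "msg_type": None,
            "hostname": None, "vendor_class": None, "param_request_list": None}
    i = 240  # options start right after the magic cookie
    while i < len(payload):
        code = payload[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:  # never read past the packet
            raise ValueError("truncated option value")
        if code == 53 and length == 1:
            info["msg_type"] = value[0]
        elif code == 12:
            info["hostname"] = value.decode("ascii", "replace")
        elif code == 60:
            info["vendor_class"] = value.decode("ascii", "replace")
        elif code == 55:          # order matters for fingerprinting
            info["param_request_list"] = ",".join(str(b) for b in value)
        i += 2 + length
    return info

def build_sample() -> bytes:
    """Constructed DHCPDISCOVER for a made-up host; not captured traffic."""
    mac = bytes.fromhex("020000aabbcc")  # locally administered, hypothetical
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234, 0, 0x8000)
    hdr += b"\x00" * 16 + mac.ljust(16, b"\x00") + b"\x00" * 192
    host, vendor, prl = b"cam-01", b"udhcp 1.30.1", bytes([1, 3, 6, 12, 15, 28, 42])
    opts = bytes([53, 1, 1, 12, len(host)]) + host
    opts += bytes([60, len(vendor)]) + vendor + bytes([55, len(prl)]) + prl
    return hdr + MAGIC + opts + b"\xff"
```

Hostname and vendor class are client-supplied and unauthenticated, so a rogue record or fingerprint derived from them should be treated as a hint rather than as proof of device identity.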
