DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
Administration Guide
What's new
Version FÂ 7.4.0
First time users
FortiNAC
Introduction
Performance Sizing and Capacity
Monitoring
Monitor devices
View and register known devices
Learning about hosts on the network
Isolate unknown devices
Control access based on device types
View logs and reports
Netflow Support
DNS configuration
IPv6 support
Guided Install
Login procedure
Connection errors
Licenses
Events and alarms
FortiNAC Manager
Evaluation license keys
Navigation tips
Filters
Dashboard search
Quick search
Wild cards
Find containers or devices
Download logs
Passwords
Time stamps and time zones
Icons
Certificates
Open ports
SNMP trap support
Wireless security
Auto-configured data
SSID mappings
Secure SSID for guest management
Open SSID for guest management
Secure SSID for device onboarding
Open SSID for device onboarding
Dashboard
Adding widgets
Alarms
Endpoint Fingerprints
Host Summary
User Summary
License Information
Logical network host access
Monitors
Network Device Summary
Pending Tasks
Recent hosts
System Performance
Persistent Agent Summary
RADIUS Activity
Security Summary
Scans
System Summary
Top host activity
Menus
Feature Visibility
Import and export data
Import archived data
Import hosts, users or devices
Sample import files
Import from a .csv file
Import from a previous version
Import an administrator
Import IP ranges
CLI import tool
Create .csv files for device import
Import devices with the CLI tool
Import port descriptions
Export data
Users & Hosts
Administrators
Add an administrator
Modify an administrator
Delete an administrator
Copy an administrator
Modify an administrator profile
Administrator profiles
Default administrator profiles
Permissions list
Add an administrator profile
Modify administrator profiles
Delete an administrator profile
Copy an administrator profile
Administrator profile mappings
Mappings process
Add or modify a mapping
Delete a mapping
Limit access with groups
Set privileges based on directory groups
Add administrators to groups
Group membership
Configure secure mode
Guests &Â Contractors
Implementation
Guest &Â Contractor users
Add Single Account
Add Bulk Accounts
Bulk guest import
Add Conference Accounts
Accounts with sponsor privileges
Provide login information
Guest &Â Contractor templates
Visitor types
Create templates
Endpoint compliance policies for guests
Modify templates
Copy templates
Delete templates
Administrator profile
Add a guest manager profile
Add a guest kiosk profile
Add a guest self registration profile
Administrators
Portal page setup
Printer settings for guest badges
Events and alarms
Guest/contractor login
Using a kiosk
Kiosk browser
Log into a kiosk
Account creation
Account activation
Kiosk shut down
Guest self registration
Sponsor Approval Email Links
Account requests
Approve or deny a request
Registration requests
User accounts
Configure table columns and tooltips
Search settings
User properties
Add or modify a user
Delete a user
Add users to groups
Group membership
Guest accounts
Guest account details
Set user expiration date
Hosts, adapters, and applications
USB/Thunderbolt external Ethernet adapters
Hosts
Settings
Drill-down settings
Properties
Host health and scanning
Application inventory
Add or modify a host
Delete a host
Enable or disable hosts
Add IP phones
Add hosts to groups
Group membership
Register a host as a device
Set host expiration date
Send a message to a host
Host registration and user authentication
Adapter View
View and search settings
Properties
Enable or disable an adapter
Modify an adapter
Aging out host or user records
Application view
Endpoint Fingerprints
Profiled devices
How it works
Configure profiled devices
Implementation
Profiles for device managers
Add an administrator
Events and alarms
Device profiling rules
Managing rules
Best practices
Adding a rule
Deleting a rule
Copying a rule
Evaluating rogue hosts
WinRM Device Profile Requirements and Setup
Network sessions
Locate hosts
Manage hosts and ports
Send message
Send messages to hosts
Network
Inventory
Inventory tree contact status
Network summary
Customer icon
Configure container for devices
Rename the customer icon
Containers
Configure container for devices
Container icon
Add or modify a device
Add or modify a pingable device
Add or modify the Palo Alto User-ID agent as a pingable
Convert all pingables to hosts
Discovery
Discovery results
Device view
Delete a device
Replace a device using the same IP address
Convert devices to hosts
Device group membership
Local management
Move a device to a different container
Network access/VLANs
Poll for contact status
Poll for L2 (hosts) information
Ports and hosts
Device properties
Modify multiple device properties
Pingable device properties
View role membership
Set device mapping for unknown SNMP devices
Update device mapping
Firewall session polling
Modifying Switch Components in a Stack
Device configuration
Delete a device
Resync Interfaces
Model configuration
Global model configuration
Set CDP polling
Wired devices and 802.1X
Secure port/static port overview
Credentials
Ports view
Update ports view
View connection details
Add ports to groups
Modify multiple ports
Group membership
Remove ports from multiple groups
Port properties
Port uplink types
SSID view
SSID configuration
Modify multiple SSIDs
Virtualized Devices
Logical networks
Configuring logical networks
Assigning access values and CLIÂ configurations
Configuring network access policies
RADIUS
Configure Local RADIUS Server settings
Legacy Proxy
Failover process
Validate redundant RADIUS
Upgrade Procedure (Existing Proxy Configurations)
Re-Enable Legacy Proxy
Convert from Legacy to Virtual Proxy Server
Virtual Servers
Configure Local Server
Configure Proxy Server
Domain Mappings
Attribute Groups
Winbind
Activity
Service Connectors
Email/SMS
Email server
SMTP SMS Gateway
REST SMS Gateway
Google authentication
Google Developer's Console
Add or modify account settings
Enable push notifications
RADIUS auth source
MDM services
Security Fabric Connection
FortiLAN
CLI configuration
Configuration in use
Show configuration
Port based and host based configurations
Add or modify a configuration
Sample configurations
Implement configurations
Apply a port based configuration via model configuration
Apply a host based configuration via the model configuration
Apply a CLI configuration using a role
Apply a CLI configuration using a network access policy
Apply a CLI configuration using a scheduled task
Requirements for ACL based configurations
Create the Cisco extended ACL
Apply the ACL to the physical interface
Poll the switch/router
L2 polling
L3 polling
Network events
Port changes
Policy & Objects
Policy overview
Policy assignment
Policy details
Policy simulator
User/host profiles
Filter example
Profile example
Profiles in use
Delete a profile
Portal policy
Implementation
Manage policies
Create or edit a policy
Delete a policy
Authentication
Manage policies
Create or edit a policy
Delete a policy
When no profile or policy exists
Authentication configurations
Add or modify a policy
Delete a configuration
Network access
Implementation
Manage policies
Create or edit a policy
Delete a policy
Network access configurations
Create or edit a configuration
Configurations in use
Delete a configuration
Endpoint compliance
Implementation
Agent overview
Dissolvable Agent
Persistent Agent
Installation for Windows
Installation for macOS
Installation for Linux
Using the Persistent Agent
Using Windows domain logon credentials
GPO settings for high availability
Certificate validation
Upgrade the Persistent Agent
Logging
Mobile Agent
Agent server communications
SSL certificates
DNS server configuration
Agent server discovery
Persistent Agent on Windows
Persistent Agent on macOS
Persistent Agent on Linux
Host logging for agent security
Auto-definition updates
Endpoint compliance policies
Determining host operating system
Create or edit a policy
Delete a policy
Endpoint compliance configurations
Create or edit a configuration
Configurations in use
Delete a configuration
Chaining configuration scans
Scans
Scan on connect
Scan hosts without enforcing remediation
Delayed remediation
Add or modify a scan
Delete a scan
Scans in use
Schedule a scan
Custom scans
Create a scan
Scan categories
Windows
macOS
Linux
Severity level
Use case
Scan parameters
Antivirus parameters - Windows
Antivirus parameters - macOS
Operating system parameters - Windows
Operating systems parameters - macOS
Supplicant EasyConnect
Requirements
Manage policies
Create or edit a policy
Delete a policy
Supplicant configurations
Create or edit a configuration
Configurations in use
Delete a configuration
Passive Agent
Registration
Manage configurations
Add or modify configuration
Delete configuration
Copy configuration
IP ranges
Test a directory user
Administrative templates for GPO
CLI arguments
Remediation configurations
Add a scan
View scan status
Clear scanned hosts list
Modify or remove a scan
Roles
Configuration
Assigning roles
Roles view
Add a role
Modify or delete roles
Role in use
Network device roles
Add role mappings
Modify or delete role mapping
Portal
Portal configuration
Registration Approval (Version 8.8.2 and above)
Splash page
Portal content editor
Edit style sheets
Export portal content
Import portal content
Upload images
Sample portal page
Using special characters
Configuration
Host inventory
Multiple portals
Create a portal
Copy a portal
Select a default portal
Edit portal settings
Delete a portal
Configure authentication credentials
Portal configuration - version 1 settings
Content fields
Global properties
Registration
Authentication
Remediation
VPN portal
Isolation portal
Dead end portal
Policy failure portal
Agent portal
EasyConnect portal
Host inventory portal
Social Media for Captive Portal
Request Processing Rules
Portal SSL
Logs
Audit Logs
Configuration
Accessing the auditing log
Events
Event notes
Events and alarms list
Event management
Enable and disable events
Event thresholds
Log events to an external log host
Examples of syslog messages
View events currently mapped to alarms
Alarms
Show or hide alarm details
Map events to alarms
Add or modify alarm mapping
Bulk modify alarm mappings
Delete alarm mapping
Reports
Standard report templates
Preview standard report templates
Guest registrations report
Registrations report
Scan results report
Custom reports
Add a custom report
Preview a custom report
Modify a custom report
Remove a custom report
Schedule reports
Archived reports
Scan results
Show details
Archive and clear all scans
Archive and clear selected scans
Security Incidents
Implementation
Security rules
Add or modify a rule
Delete a rule
Triggers
Add a trigger
Delete a trigger
Add or modify filters
Delete a filter
Security actions
Add or modify an action
Delete an action
Add or modify activities
Delete an activity
Security alarms
Security events
Vendor severity levels
System
Certificate management
Server certificates
Trusted certificates
Config wizard
Groups
Add groups
Copy a group
Delete a group
Limit user access with groups
Modify a group
Group membership
Show group members
Group in use
Aging hosts in a group
System groups
Customer defined groups
Feature Visibility
Scheduler
Add a task
Add other scheduled tasks
Copy a task
Delete a task
Modify a task
Run task now
Tasks
Settings
Authentication
Automatic authentication
Directories
Requirements
Structure and synchronization
Configuration
Delete a directory
Schedule synchronization
Preview
Create a keystore for SSL or TLS
Roaming guests
Control
Access point management
Allowed domains
Quarantine
Identification
Device types
NAT detection
Rogue DHCP server detection
Vendor OUIs
Network device
Persistent Agent
Agent update
Credential configuration
Properties
Status notifications
Transport configurations
USB detection
Reports
System communication
Addresses
Certificate management
Email settings
Log receivers
Email/SMS Message Templates
Patch management
Proxy settings
SNMP
Syslog files
Security event parsers
Trap MIB files
Vulnerability scanner
System management
Database archive
Database backup/restore
High availability
License management
NTP and time zone
Power management
Remote backup configuration
System backups
Updates
Agent packages
System update
User/Host Management
Aging
Allowed hosts
Device profiler
MAC address exclusion
Change log
Home
FortiNAC-F 7.4.0
Administration Guide
7.4.0
7.6.0
7.4.0
7.2.0
What's new
What's new
This section covers What's New for FortiNAC version F 7.4.
Previous
Next
What's new
What's new
This section covers What's New for FortiNAC version F 7.4.
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
What's new
Version FÂ 7.4.0
First time users
FortiNAC
Introduction
Performance Sizing and Capacity
Monitoring
Monitor devices
View and register known devices
Learning about hosts on the network
Isolate unknown devices
Control access based on device types
View logs and reports
Netflow Support
DNS configuration
IPv6 support
Guided Install
Login procedure
Connection errors
Licenses
Events and alarms
FortiNAC Manager
Evaluation license keys
Navigation tips
Filters
Dashboard search
Quick search
Wild cards
Find containers or devices
Download logs
Passwords
Time stamps and time zones
Icons
Certificates
Open ports
SNMP trap support
Wireless security
Auto-configured data
SSID mappings
Secure SSID for guest management
Open SSID for guest management
Secure SSID for device onboarding
Open SSID for device onboarding
Dashboard
Adding widgets
Alarms
Endpoint Fingerprints
Host Summary
User Summary
License Information
Logical network host access
Monitors
Network Device Summary
Pending Tasks
Recent hosts
System Performance
Persistent Agent Summary
RADIUS Activity
Security Summary
Scans
System Summary
Top host activity
Menus
Feature Visibility
Import and export data
Import archived data
Import hosts, users or devices
Sample import files
Import from a .csv file
Import from a previous version
Import an administrator
Import IP ranges
CLI import tool
Create .csv files for device import
Import devices with the CLI tool
Import port descriptions
Export data
Users & Hosts
Administrators
Add an administrator
Modify an administrator
Delete an administrator
Copy an administrator
Modify an administrator profile
Administrator profiles
Default administrator profiles
Permissions list
Add an administrator profile
Modify administrator profiles
Delete an administrator profile
Copy an administrator profile
Administrator profile mappings
Mappings process
Add or modify a mapping
Delete a mapping
Limit access with groups
Set privileges based on directory groups
Add administrators to groups
Group membership
Configure secure mode
Guests &Â Contractors
Implementation
Guest &Â Contractor users
Add Single Account
Add Bulk Accounts
Bulk guest import
Add Conference Accounts
Accounts with sponsor privileges
Provide login information
Guest &Â Contractor templates
Visitor types
Create templates
Endpoint compliance policies for guests
Modify templates
Copy templates
Delete templates
Administrator profile
Add a guest manager profile
Add a guest kiosk profile
Add a guest self registration profile
Administrators
Portal page setup
Printer settings for guest badges
Events and alarms
Guest/contractor login
Using a kiosk
Kiosk browser
Log into a kiosk
Account creation
Account activation
Kiosk shut down
Guest self registration
Sponsor Approval Email Links
Account requests
Approve or deny a request
Registration requests
User accounts
Configure table columns and tooltips
Search settings
User properties
Add or modify a user
Delete a user
Add users to groups
Group membership
Guest accounts
Guest account details
Set user expiration date
Hosts, adapters, and applications
USB/Thunderbolt external Ethernet adapters
Hosts
Settings
Drill-down settings
Properties
Host health and scanning
Application inventory
Add or modify a host
Delete a host
Enable or disable hosts
Add IP phones
Add hosts to groups
Group membership
Register a host as a device
Set host expiration date
Send a message to a host
Host registration and user authentication
Adapter View
View and search settings
Properties
Enable or disable an adapter
Modify an adapter
Aging out host or user records
Application view
Endpoint Fingerprints
Profiled devices
How it works
Configure profiled devices
Implementation
Profiles for device managers
Add an administrator
Events and alarms
Device profiling rules
Managing rules
Best practices
Adding a rule
Deleting a rule
Copying a rule
Evaluating rogue hosts
WinRM Device Profile Requirements and Setup
Network sessions
Locate hosts
Manage hosts and ports
Send message
Send messages to hosts
Network
Inventory
Inventory tree contact status
Network summary
Customer icon
Configure container for devices
Rename the customer icon
Containers
Configure container for devices
Container icon
Add or modify a device
Add or modify a pingable device
Add or modify the Palo Alto User-ID agent as a pingable
Convert all pingables to hosts
Discovery
Discovery results
Device view
Delete a device
Replace a device using the same IP address
Convert devices to hosts
Device group membership
Local management
Move a device to a different container
Network access/VLANs
Poll for contact status
Poll for L2 (hosts) information
Ports and hosts
Device properties
Modify multiple device properties
Pingable device properties
View role membership
Set device mapping for unknown SNMP devices
Update device mapping
Firewall session polling
Modifying Switch Components in a Stack
Device configuration
Delete a device
Resync Interfaces
Model configuration
Global model configuration
Set CDP polling
Wired devices and 802.1X
Secure port/static port overview
Credentials
Ports view
Update ports view
View connection details
Add ports to groups
Modify multiple ports
Group membership
Remove ports from multiple groups
Port properties
Port uplink types
SSID view
SSID configuration
Modify multiple SSIDs
Virtualized Devices
Logical networks
Configuring logical networks
Assigning access values and CLIÂ configurations
Configuring network access policies
RADIUS
Configure Local RADIUS Server settings
Legacy Proxy
Failover process
Validate redundant RADIUS
Upgrade Procedure (Existing Proxy Configurations)
Re-Enable Legacy Proxy
Convert from Legacy to Virtual Proxy Server
Virtual Servers
Configure Local Server
Configure Proxy Server
Domain Mappings
Attribute Groups
Winbind
Activity
Service Connectors
Email/SMS
Email server
SMTP SMS Gateway
REST SMS Gateway
Google authentication
Google Developer's Console
Add or modify account settings
Enable push notifications
RADIUS auth source
MDM services
Security Fabric Connection
FortiLAN
CLI configuration
Configuration in use
Show configuration
Port based and host based configurations
Add or modify a configuration
Sample configurations
Implement configurations
Apply a port based configuration via model configuration
Apply a host based configuration via the model configuration
Apply a CLI configuration using a role
Apply a CLI configuration using a network access policy
Apply a CLI configuration using a scheduled task
Requirements for ACL based configurations
Create the Cisco extended ACL
Apply the ACL to the physical interface
Poll the switch/router
L2 polling
L3 polling
Network events
Port changes
Policy & Objects
Policy overview
Policy assignment
Policy details
Policy simulator
User/host profiles
Filter example
Profile example
Profiles in use
Delete a profile
Portal policy
Implementation
Manage policies
Create or edit a policy
Delete a policy
Authentication
Manage policies
Create or edit a policy
Delete a policy
When no profile or policy exists
Authentication configurations
Add or modify a policy
Delete a configuration
Network access
Implementation
Manage policies
Create or edit a policy
Delete a policy
Network access configurations
Create or edit a configuration
Configurations in use
Delete a configuration
Endpoint compliance
Implementation
Agent overview
Dissolvable Agent
Persistent Agent
Installation for Windows
Installation for macOS
Installation for Linux
Using the Persistent Agent
Using Windows domain logon credentials
GPO settings for high availability
Certificate validation
Upgrade the Persistent Agent
Logging
Mobile Agent
Agent server communications
SSL certificates
DNS server configuration
Agent server discovery
Persistent Agent on Windows
Persistent Agent on macOS
Persistent Agent on Linux
Host logging for agent security
Auto-definition updates
Endpoint compliance policies
Determining host operating system
Create or edit a policy
Delete a policy
Endpoint compliance configurations
Create or edit a configuration
Configurations in use
Delete a configuration
Chaining configuration scans
Scans
Scan on connect
Scan hosts without enforcing remediation
Delayed remediation
Add or modify a scan
Delete a scan
Scans in use
Schedule a scan
Custom scans
Create a scan
Scan categories
Windows
macOS
Linux
Severity level
Use case
Scan parameters
Antivirus parameters - Windows
Antivirus parameters - macOS
Operating system parameters - Windows
Operating systems parameters - macOS
Supplicant EasyConnect
Requirements
Manage policies
Create or edit a policy
Delete a policy
Supplicant configurations
Create or edit a configuration
Configurations in use
Delete a configuration
Passive Agent
Registration
Manage configurations
Add or modify configuration
Delete configuration
Copy configuration
IP ranges
Test a directory user
Administrative templates for GPO
CLI arguments
Remediation configurations
Add a scan
View scan status
Clear scanned hosts list
Modify or remove a scan
Roles
Configuration
Assigning roles
Roles view
Add a role
Modify or delete roles
Role in use
Network device roles
Add role mappings
Modify or delete role mapping
Portal
Portal configuration
Registration Approval (Version 8.8.2 and above)
Splash page
Portal content editor
Edit style sheets
Export portal content
Import portal content
Upload images
Sample portal page
Using special characters
Configuration
Host inventory
Multiple portals
Create a portal
Copy a portal
Select a default portal
Edit portal settings
Delete a portal
Configure authentication credentials
Portal configuration - version 1 settings
Content fields
Global properties
Registration
Authentication
Remediation
VPN portal
Isolation portal
Dead end portal
Policy failure portal
Agent portal
EasyConnect portal
Host inventory portal
Social Media for Captive Portal
Request Processing Rules
Portal SSL
Logs
Audit Logs
Configuration
Accessing the auditing log
Events
Event notes
Events and alarms list
Event management
Enable and disable events
Event thresholds
Log events to an external log host
Examples of syslog messages
View events currently mapped to alarms
Alarms
Show or hide alarm details
Map events to alarms
Add or modify alarm mapping
Bulk modify alarm mappings
Delete alarm mapping
Reports
Standard report templates
Preview standard report templates
Guest registrations report
Registrations report
Scan results report
Custom reports
Add a custom report
Preview a custom report
Modify a custom report
Remove a custom report
Schedule reports
Archived reports
Scan results
Show details
Archive and clear all scans
Archive and clear selected scans
Security Incidents
Implementation
Security rules
Add or modify a rule
Delete a rule
Triggers
Add a trigger
Delete a trigger
Add or modify filters
Delete a filter
Security actions
Add or modify an action
Delete an action
Add or modify activities
Delete an activity
Security alarms
Security events
Vendor severity levels
System
Certificate management
Server certificates
Trusted certificates
Config wizard
Groups
Add groups
Copy a group
Delete a group
Limit user access with groups
Modify a group
Group membership
Show group members
Group in use
Aging hosts in a group
System groups
Customer defined groups
Feature Visibility
Scheduler
Add a task
Add other scheduled tasks
Copy a task
Delete a task
Modify a task
Run task now
Tasks
Settings
Authentication
Automatic authentication
Directories
Requirements
Structure and synchronization
Configuration
Delete a directory
Schedule synchronization
Preview
Create a keystore for SSL or TLS
Roaming guests
Control
Access point management
Allowed domains
Quarantine
Identification
Device types
NAT detection
Rogue DHCP server detection
Vendor OUIs
Network device
Persistent Agent
Agent update
Credential configuration
Properties
Status notifications
Transport configurations
USB detection
Reports
System communication
Addresses
Certificate management
Email settings
Log receivers
Email/SMS Message Templates
Patch management
Proxy settings
SNMP
Syslog files
Security event parsers
Trap MIB files
Vulnerability scanner
System management
Database archive
Database backup/restore
High availability
License management
NTP and time zone
Power management
Remote backup configuration
System backups
Updates
Agent packages
System update
User/Host Management
Aging
Allowed hosts
Device profiler
MAC address exclusion
Change log