Administration Guide

7.6.0

L3 polling

L3 Polling is one in a series of initial setup windows designed to help you get your FortiNAC program up and running as quickly as possible. Similar functions exist in other parts of the software, but this window provides access to the most essential configuration information.

L3 Polling triggers the IP address to MAC address conversion. Based on the information returned, FortiNAC resolves the MAC addresses associated with IP addresses for hosts and other devices on the network.

L3 devices are polled based on the following:

  • L3 polling interval as defined for the device model
  • Whether a host is being evaluated by a device profiling rule that requires IP address information. Device Profiler attempts to find an up-to-date IP address for a particular host for 30 minutes and gives up if none can be found.
  • (as of 9.1) A VLAN change has occurred. The system performs the following steps to update the affected host's IP information:
    1. Waits 20 seconds after the VLAN change.
    2. Looks in the internal cache for an IP change due to either a Persistent Agent update or a scheduled L3 poll.
    3. If the IP has not changed, the system polls the last L3 device that had an entry for the host's MAC address. If no entry is found, the host location's next hop router is polled.
    4. If no new IP address is found, the system waits 30 seconds.
    5. If no new IP address is found, steps 3 and 4 are repeated 4 more times.

Use this window to set a polling interval for switches and routers.

As devices are added or discovered they are automatically added into the L2 Network Devices group and either the L2 Wired Devices or L2 Wireless Devices sub-groups. A default L3 (IP --> MAC) group is created by FortiNAC but is not automatically populated. You must add your L3 devices to this group.

By default this window displays devices that have been manually placed in the L3 (IP --> MAC) group. If you have not placed any devices in this group, the window does not display any devices. Select the All Devices option and click Refresh to display all network devices in the window.

To access this window, click Network > L3 Polling.

Settings

Fields used in filters are also defined in this table.

| Field | Definition |
|---|---|
| Display | All Devices: Displays all network devices. When Group is selected in the Filter By section, all device groups are displayed in the Group drop-down. L3 (IP --> MAC) Devices: Displays all devices in the L3 (IP --> MAC) Devices group. When Group is selected in the Filter By section, the L3 Devices group and any sub-groups are displayed in the Group drop-down. |
| # | Indicates the order of display. |
| Name | Name of the selected device. |
| IP address | IP address of the selected device. IP addresses or Address Ranges are used to add or discover devices. |
| Type | Indicates the type of device, such as switch, printer, router, etc. |
| Status | Indicates whether or not communication has been established with the device. Displays either Established or Lost. |
| Groups | Indicates that the device is a member of the groups listed. |
| Views | Series of icons that can be clicked to provide additional details about the selected device. Icons provide access to Device Properties, group membership and Ports and Hosts. Click an icon to access the view. |
| L3 Polling | Indicates whether or not L3 polling is enabled and the time interval between polls. |
| L3 Priority | Indicates high, medium or low priority given to the device when hosts connect to the network. Devices are polled in batches based on priority to retrieve host IP addresses. It is recommended that high traffic routers and switches be given a higher priority to allow hosts on those devices to connect more quickly. |
| L3 Last Polled | Date and time of the last polling attempt, regardless of whether it was successful or not. |
| L3 Last Poll Success | Date and time of the last successful poll. |
| Container | Container in the Inventory where the device is stored. Containers are a grouping mechanism similar to folders. |
| Export | Exports data to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data. |

Right click options

| Field | Definition |
|---|---|
| Add To Group | Adds selected devices to a user specified device group. |
| Remove From Group | Removes selected devices from a user specified group. |
| Set Polling | Allows you to enable or disable polling and set the polling time interval for the selected device(s). |
| Poll Now | Polls selected devices immediately instead of waiting for the next poll interval. |
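
A defender-side check built on the fields defined above, as an added example that is not part of the FortiNAC documentation: it reads a CSV export of this view and flags devices whose IP-to-MAC data is likely stale. The column header text, the timestamp format and the interval wording ("30 Minutes", "Disabled") are assumptions about the export, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; column names mirror the field table above, but the
# real CSV header, the timestamp format and the interval text are assumptions.
SAMPLE_EXPORT = """Name,IP address,Status,L3 Polling,L3 Last Polled,L3 Last Poll Success
core-rtr-1,10.0.0.1,Established,30 Minutes,2025-01-15 11:45:00,2025-01-15 11:45:00
dist-sw-2,10.0.0.2,Established,1 Hours,2025-01-15 11:30:00,2025-01-15 07:30:00
edge-rtr-3,10.0.0.3,Lost,30 Minutes,2025-01-15 11:50:00,2025-01-14 22:10:00
lab-sw-4,10.0.0.4,Established,Disabled,,
"""

TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format
UNITS = {"minutes": 60, "hours": 3600}


def parse_interval(text):
    """Return the polling interval as a timedelta, or None if polling is off."""
    parts = text.strip().lower().split()
    if len(parts) != 2 or not parts[0].isdigit() or parts[1] not in UNITS:
        return None
    return timedelta(seconds=int(parts[0]) * UNITS[parts[1]])


def audit_l3_polling(csv_text, now, max_missed=2):
    """Map device name -> list of findings that make its IP-to-MAC data suspect."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        interval = parse_interval(row["L3 Polling"])
        if row["Status"] != "Established":
            issues.append("communication lost")
        if interval is None:
            issues.append("polling disabled")
        elif not row["L3 Last Poll Success"]:
            issues.append("never polled successfully")
        else:
            success = datetime.strptime(row["L3 Last Poll Success"], TS_FORMAT)
            attempt = datetime.strptime(row["L3 Last Polled"], TS_FORMAT)
            if attempt > success:  # a later attempt exists that did not succeed
                issues.append("latest poll attempt failed")
            if now - success > interval * max_missed:
                issues.append("no successful poll for %s" % (now - success))
        if issues:
            findings[row["Name"]] = issues
    return findings
```

Calling `audit_l3_polling(SAMPLE_EXPORT, datetime(2025, 1, 15, 12, 0))` reports three of the four constructed devices; `max_missed` sets how many polling intervals may pass without a successful poll before a device is flagged.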

Set L3 polling

L3 devices have a Priority setting that allows you to associate a High, Medium or Low polling priority with each L3 device. When hosts connect to an L3 device the priority setting determines how quickly the device is polled. For example, if you have a high traffic device and a low traffic device and hosts are seen on both, which should be polled first? Typically you would give the high traffic device a high priority and the low traffic device a low or medium priority. When hosts are seen by both devices, the high priority device would be polled first. If you expand this example throughout your network, devices will be polled in groups by their priority with high priority devices being polled first.

  1. Click Network > L3 Polling.
  2. The Devices window displays.
  3. Select one or more devices from the list. To select all devices, click Select All.
  4. Click Set Polling.
  5. Use the Enable Polling check box to enable or disable polling for the selected device.
  6. If polling is enabled, select a time interval to control how often polling should occur. The interval can be set in Hours or Minutes.
  7. In the Priority field, select the priority given to the device when hosts connect to the network. The higher the priority the more quickly a host connects.
  8. Click OK.

L3 Device Identification

This process reads from configured Network Devices and attempts to determine whether they support L3 routing. For each device, a Score from 0 to 100 is computed for the likelihood that the device supports L3. Once the scan of all devices is complete, the results may be viewed using the L3 Identification Results task. If the Score is at least 66, FortiNAC will suggest adding the device to the L3 group. If the Score is less than 33, FortiNAC will suggest removing the device from the L3 group. A selection to include in the L3 group must be made for each device before the changes may be saved.

The scan may be started from either the Network > Inventory view or the Network > L3 Polling view by clicking "Start L3 Identification."
