Settings
The settings view provides access to global system configuration options, such as Aging properties to remove hosts and users from the database or email settings for emailing users and administrators.
All settings can also be unified under System by enabling Unified Settings under System > Feature Visibility.
Users & Hosts Setting |
Description |
---|---|
User/Host Management |
|
Aging |
Configure default settings to age users and hosts out of the database. See Aging. |
Allowed Hosts |
Configure the default number of hosts that can be registered to a user. See Allowed hosts. |
Device Profiler |
Enable or Disable creating rogues from DHCP packets heard on the network. See Device profiler. |
MAC Address Exclusion |
Lists the MAC addresses that can be ignored by FortiNAC when they connect to the network. These addresses will not be treated as rogues and will be allowed on the production network. |
Network Setting |
Description |
Authentication |
|
LDAP |
|
Roaming Guests |
|
Control |
|
Access Point Management |
Provides the ability to manage hosts connected to hubs using DHCP as a means to control or restrict host access. |
Allowed Domains |
Specify the domains and production DNS server that isolated hosts use to gain access to network locations. See Allowed domains. |
Quarantine |
When quarantine VLAN Switching is set to Enable and the ports are in the Forced Remediation Group,FortiNAC switches unregistered hosts that are being scanned to the quarantine VLAN until the scan process is completed. See Quarantine. |
Identification |
|
Device Types |
Displays icons representing each device type in the system, and allows you to add, modify, and delete custom type icons. |
NAT Detection |
Enter the IP ranges where FortiNAC will allow NAT'd hosts. IP addresses outside this range could be NAT'd hosts and can generate an event and an alarm to notify the network administrator. See NAT detection. |
Rogue DHCP Server Detection |
Monitors approved DHCP servers operation and detects rogue DHCP servers on the network using a dedicated interface on the FortiNAC appliance. It defines a scheduled task to run and search specific VLANs and discover all active entities serving IP addresses. This task compares the discovered DHCP servers against a list of authorized DHCP servers and triggers corresponding events when there is no match. |
Vendor OUIs |
Allows you to modify the vendor OUI database, which is used to determine whether or not a MAC address is valid or by device profiler to profile devices by OUI. The database is updated periodically through the Auto Definition update process. See Vendor OUIs. |
Network Device |
|
Network Device |
Set global properties that are specific to network devices and VLANs. See Network device. |
System Setting |
Description |
---|---|
Reports |
|
Analytics |
Configure the connection between the FortiNAC server and the cloud reporting Analytics server. This connection allows an agent on the FortiNAC server to push data for reporting to an external server based on a user-defined schedule. |
Persistent Agent |
|
Agent Update |
Enable Persistent Agent updates by operating system, schedule agent updates and add hosts to the list of Update Exceptions. You can update agents on both platforms simultaneously or separately. See Agent update |
Credential Configuration |
Configure how credentials are verified for hosts who use the Persistent Agent. |
Properties |
Configure the FortiNAC server name of the server for Persistent Agent communication, enable or disable display notifications to the host, configure Header and footer text for the Persistent Agent authentication page and Status messages in the message box on the user's desktop. See Properties. |
Status Notifications |
Configure how users are notified of their host status when the Persistent Agent contacts the FortiNAC server. See Status notifications. |
Transport Configuration |
Configure TCP and UDP communication between the FortiNAC server and the Persistent Agent. |
USB Detection |
Use the USB Detection view allows to configure FortiNAC to be notified in the event that a USB device was plugged into a host on the network. See USB detection. |
System Communication |
|
Addresses |
Configure a list of address and address group objects used in SSO and VPN configuration. See Addresses. |
Email Settings |
Enter settings for your email server. This allows FortiNAC to send email to Administrators and network users. See Email settings. |
Firewall Tags |
Configure Logical Network Firewall Tags |
Fortinet FSSO Settings |
Enable FortiNAC as a Fortinet Fabric Connector |
Log Receivers |
Configure a list of servers to receive event and alarm messages from FortiNAC. See Log receivers. |
Email/SMS Message Templates |
Customization of SMS and E-Mail messages for Self-Registered and Pre-Registered Guests |
Mobile Providers |
Displays the default set of Mobile Providers included in the database. FortiNAC uses the Mobile Providers list to send SMS messages to guests and administrators. The list can be modified as needed. See Mobile providers. |
Patch Management |
The Patch Management feature allows integration with Patch servers such as BigFix or PatchLink. See Patch management. |
Proxy Settings |
Configure FortiNAC to direct web traffic to a proxy server in order to download OS updates and auto-definition updates. |
SNMP |
Set the SNMP protocol for devices that query FortiNAC for information. See SNMP. |
Syslog Files |
Syslog Files that you create and store are used by FortiNAC to parse the information received from these external devices and generate an event. The event can contain any or all of the fields contained in the syslog output and can be mapped to an Alarm and an Alarm action. See Syslog files and Map events to alarms. |
Trap MIB Files |
Enter configurations to interpret SNMP trap MIB information sent from a device and associate it with events and alarms in FortiNAC. See Trap MIB files and Map events to alarms. |
Vulnerability Scanners |
Configure and manage the connection to a Vulnerability Scanner, allowing FortiNAC to request and process scan results. |
System Management |
|
Database Archive |
Set the age time for archived data files and configure the schedule for the Archive and Purge task. See Database archive. |
Database Backup/Restore |
Schedule database backups, configure how many days to store local backups, and restore a database backup. Note that this restores backups on the FortiNAC server, not backups on a remote server. |
High Availability |
Configuration for Primary and Secondary appliances for high availability. Saving changes to these settings restarts both the Primary and Secondary servers. See High availability. |
License Management |
View or modify the license key for this server or an associated Application server. |
NTP And Time Zone |
Reset the time zone and NTP server for your FortiNAC appliances. Typically the time zone and NTP server are configured using the Configuration Wizard during the initial FortiNAC set up. Requires a server restart to take effect. See NTP and time zone. |
Power Management |
Reboot or power off the FortiNAC server. See Power management. |
Remote Backup Configuration |
Configure Scheduled Backups to use a remote server via FTP and/or SSH. |
System Backups |
Create a backup of all system files that are used to configure FortiNAC. See System backups. |
Updates |
|
Agent Packages |
Displays a list of the Dissolvable Agent, Persistent Agent, and Passive Agentversions available on your FortiNAC appliance. Download new agents and add them to FortiNAC as they become available from Fortinet using Download. Download an Administrative template for GPO configuration to your PC from the FortiNACappliance using the links at the top of the view. See Agent packages. |
Operating System |
Use operating system updates to download and install updates to the operating system on FortiNAC servers. See Operating system. |
System |
Use System Updates to configure download settings, download updates from Fortinet, install updates and view the updates log. See System update. |