Document
Library

Version:

Version:

Version:

Table of Contents

What's new in FortiNAC 8.3
Introduction
- Additional help
- Requirements
- DNS configuration for administrators
- IPv6 support
- Login to FortiNAC
- Admin user interface connection errors
- Licensing
- Navigation
- Menus
- Passwords
- Time stamps and time zones
- Accessing analytics
- Icons
- Certificates
Dashboard
- Add a panel
- Alarm
- Host summary
- Network device summary
- Details list view
- License information
- Performance
- Persistent Agent summary
- Scans
- Summary
- Security summary
- User summary
- Views
- Manage hosts and ports
- Locate
- Guest accounts
- Send messages to hosts
Quick start
- Guest/contractor templates
- Guest or contractor accounts
  - Create guest/contractor accounts
  - Provide login information
- Containers
- Network devices
- Wireless security
- L2 polling (resync hosts)
- L3 polling (IP address to MAC address)
- Learning about hosts on the network
- Network device groups
- Portal configuration
Settings
- Authentication
- Control
- Identification
- Network device
- Persistent Agent settings
- Reports settings
- Security settings
  - Portal SSL
  - Certificate management
- System communication
- System management
- Updates
- User/host management
Device profiler
- Device profiling process
- Device profiler implementation
- Device profiling rules
- Administrative user profiles for device managers
- Add an administrative user for device profiler
- Device profiler events and alarms
- Profiled devices
Monitor devices
- View and register known devices
- Isolate unknown devices
- Control access based on device types
- View logs and reports
Policies
- Policy assignment
- User/host profiles
- Portal policies
- Authentication policies
- Authentication configuration
  - Add/modify a policy
  - Delete a configuration
- Network access policies
- Network access configurations
- Endpoint compliance policies
- Endpoint compliance configurations
- Scans
- Supplicant EasyConnect policies
- Supplicant configurations
- Policy details
- Remediation configuration
- Policy simulator
Endpoint compliance
- Implementation
- Agent overview
- Dissolvable Agent
- Passive Agent
- Persistent Agent
- Mobile Agent
- Agent server communications
- Auto-Definition updates
- Send a message to group/all hosts
Role management
- Configuration
- Assigning roles
- Roles
- Network device roles
  - Add a role
  - Modify/delete a role
Guest manager
- Implementation
- Guest/contractor templates
- Admin profiles
- Administrative users
- Portal page setup for version 1
- Portal page setup for version 2
- Printer settings for guest badges
- Events and alarms
- Sponsors
- Guest/contractor login
- Using a kiosk
- Guest self-registration
Automated Threat Response (ATR)
- Implementation
- Security rules
  - Add/modify a rule
  - Delete a rule
- Triggers
- Security actions
- Security alarms
- Security events
User view
- Configure table columns and tooltips
- Search and filter options
- User view and search settings
- User drill-down
- User properties
- Add/modify a user
- Delete a user
- Add users to groups
- User group membership
- Policy details
- Policy simulator
- Guest account details
- Set user expiration date
Admin profiles and permissions
- Default administrator profiles
- Permissions list
- Add an admin profile
- Modify admin profiles
- Modify admin profiles for administrator users
- Delete an admin profile
- Copy an admin profile
- Admin profile mappings
Admin users
- Add an admin user
- Modify an admin user
- Delete an admin user
- Copy an admin user
- Modify a user's admin profile
- User theme
- Limit admin access with groups
- Set admin privileges based on directory groups
- Add admin users to groups
- Admin user group membership
- Configure secure mode
Import and export data
- Import archived data
- Import hosts, users or devices
- Import admin users
- Import IP ranges
- CLI import tool
  - Create .csv files for device import
  - Import devices with the CLI tool
- Import port descriptions
- Export data
Topology view
- Topology tree contact status
- Find containers or devices
- Control access
  - Containers
  - Network summary
- Customer icon
- Container icon
- Device view
- Device configuration
- Ports view
- SSID view
  - SSID configuration
  - Modify multiple SSIDs
Hosts, adapters, and applications
- USB/Thunderbolt external Ethernet adapters
- Host view
- Adapter view
- Aging out host or user records
- Application view
Device identity
Groups view
- Add groups
- Copy a group
- Delete a group
- Limit user access with groups
- Modify a group
- Display group membership
- Show group members
- Group in use
- Aging hosts in a group
- System groups
- Customer defined groups
Admin auditing
- Configuration
- Accessing the auditing log
Scheduler view
- Add a task
- Add other scheduled tasks
- Copy a task
- Delete a task
- Modify a task
- Run task now
Event management
- Enable and disable events
- Event thresholds
- Log events to an external log host
- Examples of syslog messages
- View events currently mapped to alarms
Events view
- Event notes
- Events and alarms list
Alarms view
- Show/hide alarm details
- Map events to alarms
- Add or modify alarm mapping
- Bulk modify alarm mappings
- Delete alarm mapping
Reports view
- Standard report templates
- Custom reports
- Schedule reports
- Archived reports
- Compliance reports
  - PCI reports
  - Download or run compliance report templates
- Crystal reports
Scan results view
- Show details
- Archive and clear all scans
- Archive and clear selected scans
Connections view
CLI configuration
- Configuration in use
- Show configuration
- Port based and host based configurations
- Add/modify a configuration
- Sample configurations
- Implement configurations
- Port changes view
- Requirements for ACL based configurations
High availability
- Server communication
- Using a shared IP Address (Layer 2)
- Servers on different subnets (Layer 3)
- Connectivity configuration
- Primary and secondary configuration
- Update software
- High availability concepts
- Troubleshooting tips
Receive data from external devices
Send SMS messages
REST API
- API URLs
- Alarms
- Specific alarm
- Acknowledge alarm
- Containers - bulk
- Specific container
- Control tasks
- Control task items
- Control task - scan by endpoint ID
- Device identities
- Specific device identity
- Profiled devices
- Specific profiled devices
- Register a profiled device
- Device profiling rules
- Specific device profiling rule
- Endpoint
- Specific endpoint
- Endpoints - bulk
- Specific endpoint adapter
- Add or update an endpoint - FORM
- Add or update an dndpoint - JSON/XML
- Bulk add or update endpoints - JSON/XML
- Events
- Specific event
- Group
- Specific group
- Add or update a group
- Delete a group
- Specific network device
- Network devices - bulk
- Specific network port
- Service
- Scheduled tasks
- Run a scheduled task
- Specific scheduled task
- Users
- Add or update a user
- Add or update a user - FORM
- Add or update a user - JSON/XML
- Vendor OUIs
- Specific vendor OUI
- Troubleshooting REST API
Appendix A: Scan parameters
- Anti-Virus parameters - Windows
- Anti-Virus parameters - macOS
- Operating system parameters - Windows
- Operating systems parameters - macOS
Appendix B: Portal page contents fields
Appendix C: Security event severity level mappings

Administration Guide

8.3.0

Download PDF

Copy Doc ID 825689eb-200d-11e9-b6f6-f8bc1258b856:429565

Copy Link

Appendix C: Security event severity level mappings

Each vendor defines its own severity levels for syslog messages. These severity levels are normalized within FortiNAC to provide additional filtering options for incoming security events. The following table provides severity level mappings between the vendor and FortiNAC.

Note

You must have ATR enabled in your licensing package in order to use ATR features.

Vendor	Vendor Severity Level	FortiNAC Severity Level
CheckPoint	1	1
	2	2
	3	3
	4	4
	5	5
	6	6
	7	7
	8	8
	9	9
	10	10
Stonegate	0	1
	1	2
	2	3
	3	4
	4	5
	5	6
	6	7
	7	8
	8	9
	9	10
TippingPointSMS	0	1
	1	3
	2	5
	3	7
	4	9
FireEye	0	1
	1	2
	2	3
	3	4
	4	5
	5	6
	6	7
	7	8
	8	9
	9	10
FortiOS4	INFORMATION	1
	NOTICE	3
	WARNING	5
	ALERT	7
	CRITICAL	8
	ERROR	9
	EMERGENCY	10
FortiOS5	INFORMATION	1
	NOTICE	3
	WARNING	5
	ALERT	7
	CRITICAL	8
	ERROR	9
	EMERGENCY	10
PaloAlto	INFORMATIONAL	1
	LOW	3
	MEDIUM	5
	HIGH	7
	CRITICAL	9
RSA	0	1
	1	2
	2	3
	3	4
	4	5
	5	6
	6	7
	7	8
	8	9
	9	10

Previous

Next

Appendix C: Security event severity level mappings

Each vendor defines its own severity levels for syslog messages. These severity levels are normalized within FortiNAC to provide additional filtering options for incoming security events. The following table provides severity level mappings between the vendor and FortiNAC.

Note

You must have ATR enabled in your licensing package in order to use ATR features.

Vendor	Vendor Severity Level	FortiNAC Severity Level
CheckPoint	1	1
	2	2
	3	3
	4	4
	5	5
	6	6
	7	7
	8	8
	9	9
	10	10
Stonegate	0	1
	1	2
	2	3
	3	4
	4	5
	5	6
	6	7
	7	8
	8	9
	9	10
TippingPointSMS	0	1
	1	3
	2	5
	3	7
	4	9
FireEye	0	1
	1	2
	2	3
	3	4
	4	5
	5	6
	6	7
	7	8
	8	9
	9	10
FortiOS4	INFORMATION	1
	NOTICE	3
	WARNING	5
	ALERT	7
	CRITICAL	8
	ERROR	9
	EMERGENCY	10
FortiOS5	INFORMATION	1
	NOTICE	3
	WARNING	5
	ALERT	7
	CRITICAL	8
	ERROR	9
	EMERGENCY	10
PaloAlto	INFORMATIONAL	1
	LOW	3
	MEDIUM	5
	HIGH	7
	CRITICAL	9
RSA	0	1
	1	2
	2	3
	3	4
	4	5
	5	6
	6	7
	7	8
	8	9
	9	10

Previous

Next