Fortinet white logo
Fortinet white logo

Administration Guide

Registration

Registration

  • To implement Passive Agent Registration you must complete the following tasks:
  • Integrate your Directory with FortiNAC. See Authentication directories for configuration and integration information.
  • Create one or more Passive Agent Configurations. See Add/modify configuration.
  • If the Passive Agent Configuration Modified event is enabled, the Event Log tracks each Passive Agent Configuration as it is added, modified or removed. In addition, the user name of the user who made the changes and the current configuration settings are included in the event message. See Event management to enable or disable this event. See Events view to view the event log.
  • If you plan to scan users' computers when they log in, create one or more security policies. See Endpoint compliance policies.
  • If you have more than one FortiNAC Server or Control Server and you want to control which server responds to which hosts, configure IP Address ranges for each server. See IP ranges .
  • Go to the Agent Distribution window and download the passive agent (FortiNAC Passive Agent. exe). It is recommended that you rename this file, and remove the spaces in the filename before you distribute it. See Agent packages.

    Note

    The Passive Agent filename for versions prior to 4.0.1.4 must be renamed to remove spaces to avoid issues when deploying with scripts.

  • To scan user's computers the agent downloaded in the previous step must be set up to deploy or to be served to the host when the user logs into or off of the network. The agent can be served using Group Policy Objects, Desktop Management Software or any method that allows the network administrator to deploy and run the agent on a remote host as users login or logout of the domain. The method of deployment is up to the Network Administrator.
  • If you choose to use Group Policy Objects to deploy the agent, you must also download the Administrative Templates provided on the Agent Distribution window, install them on your Windows Server and configure the appropriate settings. See Administrative templates for GPO.
  • When the Passive Agent is run using a script, there are additional arguments that must be used to indicate whether the agent is attempting login or logout. See CLI arguments.

Registration

Registration

  • To implement Passive Agent Registration you must complete the following tasks:
  • Integrate your Directory with FortiNAC. See Authentication directories for configuration and integration information.
  • Create one or more Passive Agent Configurations. See Add/modify configuration.
  • If the Passive Agent Configuration Modified event is enabled, the Event Log tracks each Passive Agent Configuration as it is added, modified or removed. In addition, the user name of the user who made the changes and the current configuration settings are included in the event message. See Event management to enable or disable this event. See Events view to view the event log.
  • If you plan to scan users' computers when they log in, create one or more security policies. See Endpoint compliance policies.
  • If you have more than one FortiNAC Server or Control Server and you want to control which server responds to which hosts, configure IP Address ranges for each server. See IP ranges .
  • Go to the Agent Distribution window and download the passive agent (FortiNAC Passive Agent. exe). It is recommended that you rename this file, and remove the spaces in the filename before you distribute it. See Agent packages.

    Note

    The Passive Agent filename for versions prior to 4.0.1.4 must be renamed to remove spaces to avoid issues when deploying with scripts.

  • To scan user's computers the agent downloaded in the previous step must be set up to deploy or to be served to the host when the user logs into or off of the network. The agent can be served using Group Policy Objects, Desktop Management Software or any method that allows the network administrator to deploy and run the agent on a remote host as users login or logout of the domain. The method of deployment is up to the Network Administrator.
  • If you choose to use Group Policy Objects to deploy the agent, you must also download the Administrative Templates provided on the Agent Distribution window, install them on your Windows Server and configure the appropriate settings. See Administrative templates for GPO.
  • When the Passive Agent is run using a script, there are additional arguments that must be used to indicate whether the agent is attempting login or logout. See CLI arguments.