Administration Guide

Add a scan

  1. Click Policy > Remediation Configuration.
  2. Click Add.
  3. Use the settings in the table below to enter the parameters for the script or profile you are adding.
  4. Click Apply.
Settings

Field

Definition

Type

The type of scan you are adding:

  • System - These scans run scripts on the FortiNAC platform.
  • Admin - These scans indicate the reason why a host was manually marked at risk. They are not actually scanning the host but provide a configuration or profile with which to associate the host state. Admin Scans are also used to mark hosts At Risk or Safe based on an alarm action triggered by an event.

Script/Profile

System Scripts
  • ForceCSARescan - Forces the Target Group of hosts using the Dissolvable agent to be rescanned by setting the hosts in the group to At-Risk.
  • ForcePersistentAgent - Forces the Target Group of hosts using the Persistent agent to be rescanned by setting the hosts in the group to At-Risk.
  • PassAllClients - Sets the Target Group of hosts to Safe.
  • FailAllClients - Sets the Target Group of hosts to At-Risk.
Admin Scans

Enter a name for the scan. This scan is initiated on the Host Properties under the Health tab.

Label

Displayed on the failure page when a network user's PC has failed a scan. If no label is provided, the scan name is used. The label or scan name is a link that takes the user to a page indicating why the PC has failed the scan.

Max Scan Execution Time (sec)

The maximum length of time FortiNAC will wait for the scan to return a status of passed or failed. If the elapsed time is greater than this value, a script failed error is generated and the host returns to the queue of hosts waiting to be scanned.

Status

Enable or Disable the scan. This setting can be modified to allow the scan to run or to stop it from running.

Target

The subset of FortiNAC hosts that will be scanned.

  • All Hosts
  • All Hosts & Servers
  • All Registered
  • All Rogues
  • All Servers
  • All VPN Clients
  • Group: See below.
  • Security and Access Attribute Value: See below.

Group

Specify the FortiNAC host group to be scanned. This option is only available if you select Group as the Target.

Security and Access Attribute Value

Used to determine which scan is to be applied to hosts connecting to the network whose associated user has this value set in the Active Directory Security and Access attribute. The host inherits this value from the user. This option is only available if you select Directory Attribute as the Target. See for more information.

Patch URL

The location of the URL containing instructions for users whose hosts fail the scan.

Note

This must be a local URL.

Patch Information

If a host has failed a scan, the user must remedy the issue and rescan. Use this second field to provide the user with a brief set of instructions.

For this field to be displayed to the user, you must use the portal pages distributed with FortiNAC and the Use Portal Version 1 check box on the Portal Configuration window must be disabled.
