Endpoint compliance configurations
Endpoint Compliance Configurations define agent and scan parameters for hosts and users. Hosts can be required to download an agent and undergo a scan, permitted access with no scan or denied access. The Endpoint Compliance Configuration that is used for a particular host is determined by the pairing of an Endpoint Compliance Configuration and a User/Host Profile within an Endpoint Compliance Policy.
When a host is evaluated, the host, user and connection location are compared to each Endpoint Compliance Policy starting with the first policy in the list. When a policy is found where the host and user data and the connection location match the User/Host Profile in the policy, that policy is assigned. The Endpoint Compliance Configuration contained within that policy determines the security treatment received by the host.
See Navigation and Filters for information on common navigation tools and data filters.
Field |
Definition |
---|---|
Global |
The Global column always displays "Yes" on the FortiNAC Control Manager, and indicates which information will be synchronized with a FortiNAC Server upon manual or automatic synchronization. This information is read-only on the FortiNAC Server. Upon synchronization, the information is overwritten on the FortiNAC Server. See Server synchronization for more information. Global information with a rank will always be ranked first on a FortiNAC Server. The rank of any item on a FortiNAC Server cannot be modified if it would result in changing the rank of a global item. You can only modify or delete global information from the FortiNAC Control Manager. |
Name |
User defined name for the Configuration. |
Scan |
Name of the scan used to evaluate a connecting host. |
Note |
User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC. |
Collect Applications |
If enabled, the agent assigned to the host will collect information about installed applications and add that information to the host record. An application inventory cannot be generated for a hosts unless an agent is in use. |
Last Modified By |
User name of the last user to modify the record. |
Last Modified Date |
Date and time of the last modification to this configuration. |
Agent - OS |
An Agent column is displayed for each operating system supported. The column contains the agent that will be used or treatment that applies to hosts with that operating system when the scan is applied. Some operating systems do not have agents and those hosts can only be allowed or denied access to the network. See the Field Definitions in Add/Modify an endpoint compliance configuration for information on the agent options for each operating system. |
Delete |
Deletes the selected Endpoint Compliance Configuration. |
In Use |
Indicates whether or not the selected configuration is currently being used by any other FortiNAC element. See Endpoint compliance configurations in use. |
Modify |
Opens the Modify Endpoint Configuration window for the selected configuration. |
Show Audit Log |
Opens the Admin Auditing Log showing all changes made to the selected item. For information about the Admin Auditing Log, see Admin auditing You must have permission to view the Admin Auditing Log. See Add an admin profile |
Export |
Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF. See Export data. |