Endpoint compliance configurations

Endpoint Compliance Configurations define agent and scan parameters for hosts and users. Hosts can be required to download an agent and undergo a scan, permitted access with no scan or denied access. The Endpoint Compliance Configuration that is used for a particular host is determined by the pairing of an Endpoint Compliance Configuration and a User/Host Profile within an Endpoint Compliance Policy.

When a host is evaluated, the host, user and connection location are compared to each Endpoint Compliance Policy starting with the first policy in the list. When a policy is found where the host and user data and the connection location match the User/Host Profile in the policy, that policy is assigned. The Endpoint Compliance Configuration contained within that policy determines the security treatment received by the host.
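An added illustration of the first-match evaluation described above. It is not FortiNAC code; the profile attributes, policy names and configuration names are assumptions constructed for the example. It also flags policies that can never be assigned because an earlier, broader User/Host Profile matches first.

```python
from dataclasses import dataclass
from typing import Optional

# Illustrative model only: field names and values are assumptions,
# not FortiNAC's schema or API.
@dataclass(frozen=True)
class Profile:
    """User/Host Profile; None means "any" for that attribute."""
    host_os: Optional[str] = None
    user_role: Optional[str] = None
    location: Optional[str] = None

    def _fields(self):
        return (self.host_os, self.user_role, self.location)

    def matches(self, host_os, user_role, location):
        got = (host_os, user_role, location)
        return all(w is None or w == g for w, g in zip(self._fields(), got))

    def covers(self, other):
        """True if every connection matching `other` also matches self."""
        return all(m is None or m == t
                   for m, t in zip(self._fields(), other._fields()))

@dataclass(frozen=True)
class Policy:
    name: str
    profile: Profile
    configuration: str  # name of the Endpoint Compliance Configuration

def assign(policies, host_os, user_role, location):
    """Return the first policy, in list order, whose profile matches."""
    for policy in policies:
        if policy.profile.matches(host_os, user_role, location):
            return policy
    return None

def shadowed(policies):
    """(later, earlier) pairs where a single earlier policy covers a later
    one, so the later policy's configuration is never applied."""
    pairs = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if earlier.profile.covers(later.profile):
                pairs.append((later.name, earlier.name))
                break
    return pairs

# Constructed sample list, in rank order.
POLICIES = [
    Policy("Guests", Profile(user_role="guest"), "Deny-Access"),
    Policy("Any-Windows", Profile(host_os="windows"), "Agent-Scan-Windows"),
    Policy("Staff-Windows-HQ", Profile("windows", "staff", "hq"), "Strict-Scan"),
    Policy("Catch-All", Profile(), "No-Scan"),
]
```

In the sample list, a staff Windows host at "hq" receives "Agent-Scan-Windows" rather than "Strict-Scan", because the broader policy is ranked above the specific one.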

See Navigation and Filters for information on common navigation tools and data filters.

| Field | Definition |
| --- | --- |
| Global | The Global column always displays "Yes" on the FortiNAC Control Manager, and indicates which information will be synchronized with a FortiNAC Server upon manual or automatic synchronization. This information is read-only on the FortiNAC Server. Upon synchronization, the information is overwritten on the FortiNAC Server. See Server synchronization for more information. Global information with a rank will always be ranked first on a FortiNAC Server. The rank of any item on a FortiNAC Server cannot be modified if it would result in changing the rank of a global item. You can only modify or delete global information from the FortiNAC Control Manager. |
| Name | User-defined name for the Configuration. |
| Scan | Name of the scan used to evaluate a connecting host. |
| Note | User-specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC. |
| Collect Applications | If enabled, the agent assigned to the host will collect information about installed applications and add that information to the host record. An application inventory cannot be generated for a host unless an agent is in use. |
| Last Modified By | User name of the last user to modify the record. |
| Last Modified Date | Date and time of the last modification to this configuration. |
| Agent - OS | An Agent column is displayed for each operating system supported. The column contains the agent that will be used or treatment that applies to hosts with that operating system when the scan is applied. Some operating systems do not have agents and those hosts can only be allowed or denied access to the network. See the Field Definitions in Add/Modify an endpoint compliance configuration for information on the agent options for each operating system. |
| Right Mouse Click Menu Options | |
| Delete | Deletes the selected Endpoint Compliance Configuration. |
| In Use | Indicates whether or not the selected configuration is currently being used by any other FortiNAC element. See Endpoint compliance configurations in use. |
| Modify | Opens the Modify Endpoint Configuration window for the selected configuration. |
| Show Audit Log | Opens the Admin Auditing Log showing all changes made to the selected item. For information about the Admin Auditing Log, see Admin auditing. You must have permission to view the Admin Auditing Log. See Add an admin profile. |
| Buttons | |
| Export | Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF. See Export data. |
