Document
Library

Control Manager

FortiNAC Control Manager
- What's new in this version
- Key features
- Getting additional help
- Access the FortiNAC Control Manager
- FortiNAC GUI icons
- License types and usage
Getting started
- Menus
- Dashboard
- Locate View
- Navigation
- Filters
Settings
- Authentication
- Identification
  - Device types
  - Vendor OUIs
- FortiNAC Control Manager
  - Server synchronization
- Security settings
  - Certificate management
- System communication
- System management
- Updates
Device profiler
- Device Profiling Process
- Device profiling rules
Admin profiles and permissions
- Default admin profiles
- Permissions list
- Add an admin profile
- Modify admin profiles
- Modify admin profiles for administrator users
- Delete an admin profile
- Copy admin profiles
- Admin profile mappings
- Administrative user profiles for guest manager
- Printer settings for guest contractor badges
Admin users
- Add Admin users
- Modify Admin users
- Delete Admin users
- Copy Admin users
- Modify an Admin profile
- Themes
- Using groups to limit Admin access
- Add Admin users to groups
- Admin user group membership
- Configure secure mode for Admin users
Import and export data
- Import archived data
- Import hosts, users or devices
- Import Admin users
- Import IP ranges
- Export data
Hosts, adapters, and applications
- Configure table columns and tool-tips
- Search and filter options for hosts, adapters, users or applications
- Host view
- Adapter view
- Application view
  - Show the host(s) containing an application
  - Set the threat override for an application
- Aging out host or user records
- Export data
User view
- Configure table columns and tool-tips
- Search and filter options for hosts, adapters, users, or applications
- User view and search field definitions
- User drill-down
- User properties
- Modify a user
- Delete a user
- Add users to groups
- User group membership
- Policy details
- Guest user account details
- Set user expiration date
Admin auditing
Event management
- Enable and disable events
- Event thresholds
- Log events to an external log host
- Examples of syslog messages
- View events currently mapped to alarms
- Events view
  - Event notes
  - FortiNAC events and alarms list
Alarms view
- Show/hide alarm details
- Map events to alarms
Policies
- Policy assignment
- User/host profiles
- Endpoint compliance policies
Role management
- Assigning roles
- Set up role management
- Roles
Guest manager
- Guest manager implementation
- Guest or contractor log in
- Manage guests in a FortiNAC Control Manager environment
Groups view
- Add groups
- Copy a group
- Delete a group
- Limit user access with groups
- Modify a group
- Groups - group membership
- Show group members
- Group in use
- Aging hosts in a group
- System groups
- Customer defined groups
Scheduler view
- Add a task within the scheduler
- Copy a task
- Modify a task
- Delete a task
- Run a task now
Send SMS messages
Scan management
- Manage scans
- Copy a scan
High availability
- HA configuration using a shared IP address (layer 2)
- HA configuration with servers on different subnets (layer 3)
- Connectivity configuration
- FortiNAC primary and secondary configuration
- Update software in a high availability environment
- High availability concepts
- Troubleshooting tips
Scan parameters
- Antivirus parameters - Windows
- Antivirus parameters - macOS
- Operating system parameters - Windows
- Operating systems parameters - macOS
Change log

Home FortiNAC 8.5.0 Control Manager

8.5.0

Add proactive scanning to a scheduled scan

Add proactive scanning to a scheduled scan

Within FortiNAC you can schedule scans to run automatically. Hosts using the Dissolvable Agent can initiate a rescan on the production network. When a rescan is successful, the host has extended the time before another scan is required.

For example, assume the schedule is set to rescan every Sunday. The user rescans his host at his convenience on Friday and passes the scan. When Sunday comes, FortiNAC checks the scan history and determines that this host has had a successful scan. This host is not forced to rescan nor is it marked at risk.

If the host fails the scan, the user is presented with a list of reasons for the failure. The host is not marked at risk at this time. If the user resolves the issues and rescans before the scheduled scan date, the host is never marked at risk and is not forced to rescan on Sunday. If the user does not resolve the issues and rescan, when the scheduled scan date arrives the host is either marked at risk or aged out of the database. The host cannot access the network until it has been successfully scanned or until the host is re-registered and then is successfully scanned.

To rescan the user must open a browser and navigate to the following:

https://<Server or Application Server>/remediation

The FortiNAC Server or Application Server in the URL can be either the IP Address or Name of the server that is running the captive portal.

Proactive scanning is enabled on the Schedule Rescan window. To provide your hosts access to the dissolvable agent, you can create a web page accessible from your network to download the dissolvable agent.

Scan results are central to FortiNAC's ability to determine when a host was last scanned. Scan results are removed based on the archive and purge schedule set up in FortiNAC properties. When configuring the archive and purge schedule be sure to make the interval long enough to allow the scan results to be used for Proactive Scanning. If the interval is too short, scan results will be purged too soon forcing all hosts to rescan regardless of when their last scan occurred. See Database archive for information on archive and purge settings.

Previous

Next

Add proactive scanning to a scheduled scan

Within FortiNAC you can schedule scans to run automatically. Hosts using the Dissolvable Agent can initiate a rescan on the production network. When a rescan is successful, the host has extended the time before another scan is required.

For example, assume the schedule is set to rescan every Sunday. The user rescans his host at his convenience on Friday and passes the scan. When Sunday comes, FortiNAC checks the scan history and determines that this host has had a successful scan. This host is not forced to rescan nor is it marked at risk.

If the host fails the scan, the user is presented with a list of reasons for the failure. The host is not marked at risk at this time. If the user resolves the issues and rescans before the scheduled scan date, the host is never marked at risk and is not forced to rescan on Sunday. If the user does not resolve the issues and rescan, when the scheduled scan date arrives the host is either marked at risk or aged out of the database. The host cannot access the network until it has been successfully scanned or until the host is re-registered and then is successfully scanned.

To rescan the user must open a browser and navigate to the following:

https://<Server or Application Server>/remediation

The FortiNAC Server or Application Server in the URL can be either the IP Address or Name of the server that is running the captive portal.

Proactive scanning is enabled on the Schedule Rescan window. To provide your hosts access to the dissolvable agent, you can create a web page accessible from your network to download the dissolvable agent.

Scan results are central to FortiNAC's ability to determine when a host was last scanned. Scan results are removed based on the archive and purge schedule set up in FortiNAC properties. When configuring the archive and purge schedule be sure to make the interval long enough to allow the scan results to be used for Proactive Scanning. If the interval is too short, scan results will be purged too soon forcing all hosts to rescan regardless of when their last scan occurred. See Database archive for information on archive and purge settings.

Previous

Next