Fortinet black logo

Control Manager

Home FortiNAC 8.5.0 Control Manager

Schedule a scan

8.5.0
8.8.0
8.7.0
8.6.0
8.5.0
8.3.0
Copy Link
Copy Doc ID c0e495af-7299-11e9-81a4-00505692583a:460567
Download PDF

Schedule a scan

When hosts that use the Persistent Agent or the Dissolvable Agent connect to the network, they are checked against an Endpoint Compliance Policy. FortiNAC maintains a list of hosts that have passed the scan within the policy. When hosts that previously passed the scan connect to the network, they are given access.

To recheck the hosts and ensure continued compliance, schedule the scan to be run at specific intervals. The hosts are rechecked the next time the scheduled task for the scan runs. Only hosts that have a valid operating system listed in Host Properties are rescanned. Valid operating systems include Windows and Mac.

You can add more than one scheduled task for each scan to check different groups of network hosts at various times. This prevents an excessive load on the system. These groups are subgroups of the original group targeted by the scan. For example, if the original scan was set to scan all staff in the Building A group, the scheduled scan could target staff in subsets of the Building A group. Subsets would be created by placing staff from the Building A group into smaller groups. Then, the 1st floor group could be scanned on Mondays, the 2nd floor group could be scanned on Tuesdays, etc.

If FortiNAC has lost contact with the host's Persistent Agent, the host cannot be scanned.

To add schedule tasks for a policy:

  1. Select Policy > Policy Configuration.

  2. In the menu on the left click the + sign next to Endpoint Compliance to open it.

  3. Click the Scans option to select it.

  4. Click the scan to be scheduled.

  5. Click Schedule.

    The Schedule Rescan of Agents window opens. Any existing scheduled tasks appear in the window.

  6. Click Add.

  7. Use the information in the table below to configure your Scan schedule.

    Field

    Definition

    Task

    Scan Name

    Name of the Scan that will be used to rescan hosts.

    Schedule Task Name

    Each task for the selected scan must have a unique name.

    Target Agent Types

    Type of agent the hosts are using: ALL, Dissolvable, or Persistent.

    Host Group

    If selected, indicates the group of hosts that will be checked for scan compliance when this scheduled task runs. See Groups view for information on creating groups. This group of hosts must be contained within the set of hosts targeted in the original scan.

    Security And Access Attribute

    If selected, filters hosts for rescan based on a field in the user record with matching data in the LDAP or Active Directory. This group of must be the same as or a subset of the group targeted in the original scan.

    If the Group option and the Security and Access Attribute option are both selected, the host must be a member of the group selected and the user must have a matching Security and Access Attribute value in order to be scanned.

    If neither the Group option nor the Security and Access Attribute option are selected, all of the hosts targeted by the original scan are scanned.

    Scans can be used in multiply policies, therefore, the set of hosts to be scanned could be quite large.

    Schedule

    Schedule Interval

    How often the scheduled task is to run. Enter a number and select Days, Hours, or Minutes from the drop-down list.

    Next Scheduled Time

    The next date/time to run the scheduled task. Enter in the format MM/DD/YY HH:MM AM/PM

    Pause

    When selected, the scheduled task is paused and will not run automatically. Go to the Scheduler View and run the task manually. See the Scheduler view for more information.

    Proactive Scanning

    Proactive Scanning

    See Schedule a scan—proactive scanning for additional information.

    Field

    Definition

    Task

    Scan Name

    Name of the Scan that will be used to rescan hosts.

    Schedule Task Name

    Each task for the selected scan must have a unique name.

    Target Agent Types

    Type of agent the hosts are using: ALL, Dissolvable, or Persistent.

    Host Group

    If selected, indicates the group of hosts that will be checked for scan compliance when this scheduled task runs. See Groups view for information on creating groups. This group of hosts must be contained within the set of hosts targeted in the original scan.

    Security And Access Attribute

    If selected, filters hosts for rescan based on a field in the user record with matching data in the LDAP or Active Directory. This group of must be the same as or a subset of the group targeted in the original scan.

    If the Group option and the Security and Access Attribute option are both selected, the host must be a member of the group selected and the user must have a matching Security and Access Attribute value in order to be scanned.

    If neither the Group option nor the Security and Access Attribute option are selected, all of the hosts targeted by the original scan are scanned.

    Scans can be used in multiply policies, therefore, the set of hosts to be scanned could be quite large.

    Schedule

    Schedule Interval

    How often the scheduled task is to run. Enter a number and select Days, Hours, or Minutes from the drop-down list.

    Next Scheduled Time

    The next date/time to run the scheduled task. Enter in the format MM/DD/YY HH:MM AM/PM

    Pause

    When selected, the scheduled task is paused and will not run automatically. Go to the Scheduler View and run the task manually. See the Scheduler view for more information.

    Proactive Scanning

    See Schedule a scan—proactive scanning for additional information.

  8. You can run the scheduled task automatically or manually. To manually run the scheduled task from the Scheduler View, click Pause to prevent the scheduled task from running. Otherwise, leave the Pause check box empty and the task will run at the next scheduled interval and time.
  9. Click Apply.
Previous
Next

Schedule a scan

When hosts that use the Persistent Agent or the Dissolvable Agent connect to the network, they are checked against an Endpoint Compliance Policy. FortiNAC maintains a list of hosts that have passed the scan within the policy. When hosts that previously passed the scan connect to the network, they are given access.

To recheck the hosts and ensure continued compliance, schedule the scan to be run at specific intervals. The hosts are rechecked the next time the scheduled task for the scan runs. Only hosts that have a valid operating system listed in Host Properties are rescanned. Valid operating systems include Windows and Mac.

You can add more than one scheduled task for each scan to check different groups of network hosts at various times. This prevents an excessive load on the system. These groups are subgroups of the original group targeted by the scan. For example, if the original scan was set to scan all staff in the Building A group, the scheduled scan could target staff in subsets of the Building A group. Subsets would be created by placing staff from the Building A group into smaller groups. Then, the 1st floor group could be scanned on Mondays, the 2nd floor group could be scanned on Tuesdays, etc.

If FortiNAC has lost contact with the host's Persistent Agent, the host cannot be scanned.

To add schedule tasks for a policy:

  1. Select Policy > Policy Configuration.

  2. In the menu on the left click the + sign next to Endpoint Compliance to open it.

  3. Click the Scans option to select it.

  4. Click the scan to be scheduled.

  5. Click Schedule.

    The Schedule Rescan of Agents window opens. Any existing scheduled tasks appear in the window.

  6. Click Add.

  7. Use the information in the table below to configure your Scan schedule.

    Field

    Definition

    Task

    Scan Name

    Name of the Scan that will be used to rescan hosts.

    Schedule Task Name

    Each task for the selected scan must have a unique name.

    Target Agent Types

    Type of agent the hosts are using: ALL, Dissolvable, or Persistent.

    Host Group

    If selected, indicates the group of hosts that will be checked for scan compliance when this scheduled task runs. See Groups view for information on creating groups. This group of hosts must be contained within the set of hosts targeted in the original scan.

    Security And Access Attribute

    If selected, filters hosts for rescan based on a field in the user record with matching data in the LDAP or Active Directory. This group of must be the same as or a subset of the group targeted in the original scan.

    If the Group option and the Security and Access Attribute option are both selected, the host must be a member of the group selected and the user must have a matching Security and Access Attribute value in order to be scanned.

    If neither the Group option nor the Security and Access Attribute option are selected, all of the hosts targeted by the original scan are scanned.

    Scans can be used in multiply policies, therefore, the set of hosts to be scanned could be quite large.

    Schedule

    Schedule Interval

    How often the scheduled task is to run. Enter a number and select Days, Hours, or Minutes from the drop-down list.

    Next Scheduled Time

    The next date/time to run the scheduled task. Enter in the format MM/DD/YY HH:MM AM/PM

    Pause

    When selected, the scheduled task is paused and will not run automatically. Go to the Scheduler View and run the task manually. See the Scheduler view for more information.

    Proactive Scanning

    Proactive Scanning

    See Schedule a scan—proactive scanning for additional information.

    Field

    Definition

    Task

    Scan Name

    Name of the Scan that will be used to rescan hosts.

    Schedule Task Name

    Each task for the selected scan must have a unique name.

    Target Agent Types

    Type of agent the hosts are using: ALL, Dissolvable, or Persistent.

    Host Group

    If selected, indicates the group of hosts that will be checked for scan compliance when this scheduled task runs. See Groups view for information on creating groups. This group of hosts must be contained within the set of hosts targeted in the original scan.

    Security And Access Attribute

    If selected, filters hosts for rescan based on a field in the user record with matching data in the LDAP or Active Directory. This group of must be the same as or a subset of the group targeted in the original scan.

    If the Group option and the Security and Access Attribute option are both selected, the host must be a member of the group selected and the user must have a matching Security and Access Attribute value in order to be scanned.

    If neither the Group option nor the Security and Access Attribute option are selected, all of the hosts targeted by the original scan are scanned.

    Scans can be used in multiply policies, therefore, the set of hosts to be scanned could be quite large.

    Schedule

    Schedule Interval

    How often the scheduled task is to run. Enter a number and select Days, Hours, or Minutes from the drop-down list.

    Next Scheduled Time

    The next date/time to run the scheduled task. Enter in the format MM/DD/YY HH:MM AM/PM

    Pause

    When selected, the scheduled task is paused and will not run automatically. Go to the Scheduler View and run the task manually. See the Scheduler view for more information.

    Proactive Scanning

    See Schedule a scan—proactive scanning for additional information.

  8. You can run the scheduled task automatically or manually. To manually run the scheduled task from the Scheduler View, click Pause to prevent the scheduled task from running. Otherwise, leave the Pause check box empty and the task will run at the next scheduled interval and time.
  9. Click Apply.
Previous
Next