Schedule a scan—proactive scanning

Users can proactively rescan their computers to re-assess their system with or without any impact to their At Risk status. This feature helps to decrease the load around the re-registration process or rescan intervals.

To rescan, the user must open a browser and navigate to the following URL:

https://<Server or Application Server>/remediation

The FortiNAC Server or Application Server in the URL can be either the IP address or the name of the server that is running the captive portal.

The time extension capability cannot change a guest record’s age-out time; time extensions only apply to standard hosts.

Use the options in the Schedule Rescan window to specify whether to apply a time extension if there is a successful scan history within the interval, and what actions to take if there is no scan history. For example, if a host does not rescan proactively, the registered host can be set to age out or be marked At Risk.

Once you have created a policy, do the following to configure proactive scanning and specify subsequent actions.

Add proactive scanning to a scan schedule

  1. Click Policy > Policy Configuration.

  2. In the menu on the left, click the + sign next to Endpoint Compliance to open it.

  3. Click the Scans option to select it.

  4. Select the scan to be scheduled.

  5. Click Schedule.

    The Schedule Rescan of Agents window opens. Any existing scheduled tasks for the scan appear in the window.

  6. Click Add.

  7. For Target, select Dissolvable. Only hosts using the Dissolvable Agent can do a proactive scan.

  8. For the Proactive Scanning Option, select On. See the Schedule Policy Rescan Of Agent Fields section for field definitions.

  9. Click Apply.

In the figure shown below, the Scan History Interval is set to one week. If hosts have successfully passed a scan during the week prior to the time and date specified in the Next Scheduled Time field, their expiration time is extended by one week and they remain on their production network. If they do not have a successful scan within the previous week, they are marked At Risk and moved to remediation to be rescanned.

Task

| Field | Definition |
| --- | --- |
| Scan Name | Name of the Scan that will be used to rescan hosts. |
| Schedule Task Name | Each task for the selected policy must have a unique name. |
| Target Agent Types | Type of agent the hosts are using: ALL, Dissolvable, or Persistent. |
| Host Group | If selected, indicates the group of hosts that will be checked for scan compliance when this scheduled task runs. See Groups view for information on creating groups. This group of hosts must be contained within the set of hosts targeted in the original policy. |
| Security And Access Attribute | If selected, filters hosts for rescan based on a field in the user record with matching data in the LDAP or Active Directory. This group must be the same as or a subset of the group targeted in the original policy. If the Group option and the Security and Access Attribute option are both selected, the host must be a member of the group selected and the user must have a matching Security and Access Attribute value in order to be scanned. If neither the Group option nor the Security and Access Attribute option is selected, all of the hosts targeted by the original policy are scanned. Scans can be used in multiple policies; therefore, the set of hosts to be scanned could be quite large. |

Schedule

| Field | Definition |
| --- | --- |
| Schedule Interval | How often the scheduled task is to run. Enter a number and select Days, Hours, or Minutes from the drop-down list. |
| Next Scheduled Time | The next date/time to run the scheduled task. Enter in the format MM/DD/YY HH:MM AM/PM. |
| Pause | When selected, the scheduled task is paused and will not run automatically. Go to the Scheduler View and run the task manually. See the Scheduler view for more information. |

Proactive Scanning

| Field | Definition |
| --- | --- |
| Proactive Scanning | Select On. If you select Off, the hosts are placed in Quarantine when the scheduled task runs. |
| Scan History Interval (previous) | Interval of time the previous scan history is considered valid. |
| No Scan History Found | If the host has not been successfully scanned within the scan history interval, you have the option of marking the host at risk or aging the record. If you select At Risk, the host is moved to Quarantine to be rescanned. If you select Age Record, the host is deleted and must be re-registered to regain network access. |
| Scan History Found | If the most recent scan in the scan history is a successful scan for the host and is within the scan history interval, you have the option of selecting No Action or Extend Time. Select No Action to let the account remain with the existing expiration date and time. If the system takes no action, the host is forced to rescan when the expiration date and time are met, even if the host has a successful scan prior to the expiration date and time. Select Extend Time to specify a period in Extend Expiration Date (the next field). |
| Extend Expiration Time | If Extend Time is selected and the host has had a successful scan within the Scan History Interval, the host’s expiration time is extended by this amount. |
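
The per-host decision that the field definitions above describe, modelled as an added Python example for checking a planned configuration before applying it; this is not FortiNAC code. The class, field and outcome names are hypothetical, the sample hosts are constructed, and the inclusive interval boundary and the "unchanged" result for guest records are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Host:  # hypothetical model of a host record
    name: str
    expires: datetime
    last_scan: Optional[datetime] = None   # time of the most recent scan, if any
    last_scan_passed: bool = False
    is_guest: bool = False

@dataclass
class Task:  # mirrors the Schedule and Proactive Scanning fields
    next_scheduled_time: datetime
    proactive: bool = True                            # Proactive Scanning: On/Off
    history_interval: timedelta = timedelta(weeks=1)  # Scan History Interval
    no_history: str = "At Risk"                       # or "Age Record"
    history_found: str = "Extend Time"                # or "No Action"
    extend_by: timedelta = timedelta(weeks=1)         # Extend Expiration Time

def evaluate(host, task):
    """Return (outcome, expiration) for one host when the task runs."""
    if not task.proactive:                 # Off: hosts are placed in Quarantine
        return "quarantine", host.expires
    start = task.next_scheduled_time - task.history_interval
    # The MOST RECENT scan must be successful and inside the interval.
    found = (host.last_scan is not None and host.last_scan_passed
             and start <= host.last_scan <= task.next_scheduled_time)
    if not found:
        if task.no_history == "Age Record":
            return "deleted", None         # must re-register for access
        return "quarantine", host.expires  # At Risk: rescan required
    if task.history_found == "Extend Time" and not host.is_guest:
        return "extended", host.expires + task.extend_by
    return "unchanged", host.expires       # No Action, or guest age-out time

# Constructed sample data (not taken from a real deployment).
RUN = datetime(2024, 1, 8, 9, 0)
EXP = RUN + timedelta(days=1)
HOSTS = [
    Host("laptop-a", EXP, RUN - timedelta(days=2), True),
    Host("laptop-b", EXP, RUN - timedelta(days=10), True),  # stale pass
    Host("laptop-c", EXP, RUN - timedelta(days=1), False),  # latest scan failed
    Host("guest-d", EXP, RUN - timedelta(days=1), True, is_guest=True),
]

if __name__ == "__main__":
    for h in HOSTS:
        print(h.name, *evaluate(h, Task(next_scheduled_time=RUN)))
```
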
