Fortinet black logo

Control Manager

Groups view

Copy Link
Copy Doc ID c0e495af-7299-11e9-81a4-00505692583a:783432
Download PDF

Groups view

Groups allow you to put like items together. By creating groups you eliminate the need to configure and control items within the group individually. For example, if you put a set of ports in a group, you can modify the group settings and affect all of the ports simultaneously. Groups can contain other groups.

All Groups (except Admin User Groups) on the FortiNAC Control Manager are only used in the construction of other global objects. You can modify the sub-groups of these groups on the FortiNAC Control Manager, but not the members (Admin User Groups are the exception and you can modify the members of these groups on the FortiNAC Control Manager since they can be used on the FortiNAC Control Manager, for example to assign to an Event to Alarm Mapping to send email to for an Alarm).

With Global groups on the FortiNAC Servers, you can modify the members, but cannot modify the group structure (sub-groups).

Use the Groups View to add, modify, and delete groups within FortiNAC Control Manager. FortiNAC Control Manager comes with some standard groups over which it maintains ownership. These are marked as System groups. Create groups to group admin users on the FortiNAC Control Manager. Associate these groups with scheduled tasks to perform a variety of functions.

Groups can be used to assign Policies or Roles to Hosts or Users.

If there are more than 2000 Groups in the database, the groups are not automatically displayed. Instead, a confirmation dialog is shown asking if you would like to continue. Note that large numbers of records may load very slowly if not filtered. Choose Yes to display all Groups or No to reduce the number displayed by using the filters.

See Navigation and Filters for information on common navigation tools and data filters.

Field

Definition

Global

The Global column always displays "Yes" on the FortiNAC Control Manager, and indicates which information will be synchronized with a FortiNAC Server upon manual or automatic synchronization. This information is read-only on the FortiNAC Server. Upon synchronization, the information is overwritten on the FortiNAC Server. See Server synchronization for more information.

Global information with a rank will always be ranked first on a FortiNAC Server. The rank of any item on a FortiNAC Server cannot be modified if it would result in changing the rank of a global item.

You can only modify or delete global information from the FortiNAC Control Manager.

Name

Name used to identify the group.

Type

Indicates whether this is a group of ports, devices, IP phones, hosts, users or administrators.

Owner

Creator of the group. System indicates that the group was created by FortiNAC. User indicates that an administrative user created the group.

Members

The number of items contained within the group. For example, if this is a host group, this number indicates the total number of hosts in the group. If this group contains sub-groups, the number includes those items in each sub-group.

Only the Administrator group type will display the number of members in the group. The Members column will appear blank for all other group types because members cannot be added to these groups on the FortiNAC Control Manager.

Days Valid

This column only applies to Host groups. The Expiration Date for hosts in this group is calculated using the number of days valid. For example, if a host is added to the group on 01/01/2011 and days valid is set to 30, the host's Expiration Date is set to 01/31/2011. The Expiration Date is set when a host is added to the group or when the Days Valid is edited. See Aging hosts in a group for more information.

Days Inactive

This column only applies to Host groups. The number of days of network inactivity after which hosts in this group are removed from the database. For example, if this is set to three and a host in this group has not connected to the network for three days, the host record is removed from the database. See Aging hosts in a group for more information.

Description

User specified description for the selected group.

Last Modified By

User name of the last user to modify the group.

Last Modified Date

Date and time of the last modification to this group.

Right Mouse Click Menu - Options Button Menu

Copy Group

Creates a copy of the selected group.

Delete

Deletes the selected group.

Group Member Of

Displays groups in which this group is a member. A group can be a sub-group of another group of the same type. See Groups - group membership.

In Use

Provides a list of other features that reference this group, such as a Policy Mapping or a Scheduled Task. See Group in use.

System-owned groups will not be displayed as "In Use", even though they are in use by the system.

Manages

Applies only to Administrator groups. Administrator groups can be designated to manage groups of devices or hosts. See Limit user access with groups.

Modify

Opens the Modify Group window. See Modify a group.

Set Aging

Allows you to set Days Valid and Days Inactive for the selected Host group. Days Valid and Days Inactive are used to calculate the date when the host is aged out of the database. Date is set when a host is added to the group or when Days Valid or Days Inactive fields are modified. See Aging hosts in a group.

Show Audit Log

Opens the Admin Auditing Log showing all changes made to the selected item.

For information about the Admin Auditing Log, see Admin auditing

You must have permission to view the Admin Auditing Log. See Add an admin profile

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF.

Show Members

Opens the Group Members window and displays a list of all of the items within the group. Indicates whether the item is a member of the main group or a sub-group. See Show group members.

Groups view

Groups allow you to put like items together. By creating groups you eliminate the need to configure and control items within the group individually. For example, if you put a set of ports in a group, you can modify the group settings and affect all of the ports simultaneously. Groups can contain other groups.

All Groups (except Admin User Groups) on the FortiNAC Control Manager are only used in the construction of other global objects. You can modify the sub-groups of these groups on the FortiNAC Control Manager, but not the members (Admin User Groups are the exception and you can modify the members of these groups on the FortiNAC Control Manager since they can be used on the FortiNAC Control Manager, for example to assign to an Event to Alarm Mapping to send email to for an Alarm).

With Global groups on the FortiNAC Servers, you can modify the members, but cannot modify the group structure (sub-groups).

Use the Groups View to add, modify, and delete groups within FortiNAC Control Manager. FortiNAC Control Manager comes with some standard groups over which it maintains ownership. These are marked as System groups. Create groups to group admin users on the FortiNAC Control Manager. Associate these groups with scheduled tasks to perform a variety of functions.

Groups can be used to assign Policies or Roles to Hosts or Users.

If there are more than 2000 Groups in the database, the groups are not automatically displayed. Instead, a confirmation dialog is shown asking if you would like to continue. Note that large numbers of records may load very slowly if not filtered. Choose Yes to display all Groups or No to reduce the number displayed by using the filters.

See Navigation and Filters for information on common navigation tools and data filters.

Field

Definition

Global

The Global column always displays "Yes" on the FortiNAC Control Manager, and indicates which information will be synchronized with a FortiNAC Server upon manual or automatic synchronization. This information is read-only on the FortiNAC Server. Upon synchronization, the information is overwritten on the FortiNAC Server. See Server synchronization for more information.

Global information with a rank will always be ranked first on a FortiNAC Server. The rank of any item on a FortiNAC Server cannot be modified if it would result in changing the rank of a global item.

You can only modify or delete global information from the FortiNAC Control Manager.

Name

Name used to identify the group.

Type

Indicates whether this is a group of ports, devices, IP phones, hosts, users or administrators.

Owner

Creator of the group. System indicates that the group was created by FortiNAC. User indicates that an administrative user created the group.

Members

The number of items contained within the group. For example, if this is a host group, this number indicates the total number of hosts in the group. If this group contains sub-groups, the number includes those items in each sub-group.

Only the Administrator group type will display the number of members in the group. The Members column will appear blank for all other group types because members cannot be added to these groups on the FortiNAC Control Manager.

Days Valid

This column only applies to Host groups. The Expiration Date for hosts in this group is calculated using the number of days valid. For example, if a host is added to the group on 01/01/2011 and days valid is set to 30, the host's Expiration Date is set to 01/31/2011. The Expiration Date is set when a host is added to the group or when the Days Valid is edited. See Aging hosts in a group for more information.

Days Inactive

This column only applies to Host groups. The number of days of network inactivity after which hosts in this group are removed from the database. For example, if this is set to three and a host in this group has not connected to the network for three days, the host record is removed from the database. See Aging hosts in a group for more information.

Description

User specified description for the selected group.

Last Modified By

User name of the last user to modify the group.

Last Modified Date

Date and time of the last modification to this group.

Right Mouse Click Menu - Options Button Menu

Copy Group

Creates a copy of the selected group.

Delete

Deletes the selected group.

Group Member Of

Displays groups in which this group is a member. A group can be a sub-group of another group of the same type. See Groups - group membership.

In Use

Provides a list of other features that reference this group, such as a Policy Mapping or a Scheduled Task. See Group in use.

System-owned groups will not be displayed as "In Use", even though they are in use by the system.

Manages

Applies only to Administrator groups. Administrator groups can be designated to manage groups of devices or hosts. See Limit user access with groups.

Modify

Opens the Modify Group window. See Modify a group.

Set Aging

Allows you to set Days Valid and Days Inactive for the selected Host group. Days Valid and Days Inactive are used to calculate the date when the host is aged out of the database. Date is set when a host is added to the group or when Days Valid or Days Inactive fields are modified. See Aging hosts in a group.

Show Audit Log

Opens the Admin Auditing Log showing all changes made to the selected item.

For information about the Admin Auditing Log, see Admin auditing

You must have permission to view the Admin Auditing Log. See Add an admin profile

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF.

Show Members

Opens the Group Members window and displays a list of all of the items within the group. Indicates whether the item is a member of the main group or a sub-group. See Show group members.