Administration Guide

What's new in FortiNAC 8.5
FortiNAC
- Introduction
- Requirements
- DNS configuration
- IPv6 support
- Login procedure
- Admin user interface connection errors
- Licenses
- Navigation
- Menus
- Passwords
- Time stamps and time zones
- Analytics
- Icons
- Certificates
Dashboard
- Add a panel
- Alarm
- Host summary
- Network device summary
- Details list view
- License information
- Performance
- Persistent Agent summary
- Scans
- Summary
- Security summary
- User summary
- Views
- Manage hosts and ports
- Locate
- Guest accounts
- Send messages to hosts
Settings
- Authentication
- Control
- Identification
- Network device
- Persistent Agent settings
- Reports
- Security
  - Portal SSL
  - Certificate management
- System communication
- System management
- Updates
- User/host management
Portal configuration
- Splash page
- Portal content editor
- Multiple portals
- Configure authentication credentials
- Portal configuration - version 1 settings
- Content fields
Device profiler
- Process
- Implementation
- Rules
- Administrative user profiles for device managers
- Add an administrative user for device profiler
- Device profiler events and alarms
- Profiled devices
Monitor devices
- View and register known devices
- Learning about hosts on the network
- Isolate unknown devices
- Control access based on device types
- View logs and reports
Policies
- Policy assignment
- Policy details
- Policy simulator
- User/host profiles
- Portal policies
- Authentication policies
- Authentication configurations
  - Add or modify a policy
  - Delete a configuration
- Network access policies
- Network access configurations
- Endpoint compliance policies
- Endpoint compliance configurations
- Scans
- Supplicant EasyConnect policies
- Supplicant configurations
- Remediation configurations
Endpoint compliance
- Implementation
- Agent overview
- Dissolvable Agent
- Passive Agent
- Persistent Agent
- Mobile Agent
- Agent server communications
- Auto-Definition updates
- Send a message to group/all hosts
Role management
- Configuration
- Assigning roles
- Roles view
- Network device roles
  - Add role mappings
  - Modify or delete role mapping
Guest manager
- Implementation
- Guest/contractor templates
- Admin profiles
- Administrative users
- Portal page setup for version 1
- Portal page setup for version 2
- Printer settings for guest badges
- Events and alarms
- Sponsors
- Guest/contractor login
- Using a kiosk
- Guest self-registration
Automated Threat Response (ATR)
- Implementation
- Security rules
  - Add or modify a rule
  - Delete a rule
- Triggers
- Security actions
- Security alarms
- Security events
User view
- Configure table columns and tooltips
- Search and filter options
- Search settings
- User drill-down
- User properties
- Add or modify a user
- Delete a user
- Add users to groups
- Group membership
- Guest account details
- Set user expiration date
Admin profiles and permissions
- Default administrator profiles
- Permissions list
- Add an admin profile
- Modify admin profiles
- Modify admin profiles for administrator users
- Delete an admin profile
- Copy an admin profile
- Admin profile mappings
Admin users
- Add an admin user
- Modify an admin user
- Delete an admin user
- Copy an admin user
- Modify a user's admin profile
- User theme
- Limit admin access with groups
- Set admin privileges based on directory groups
- Add admin users to groups
- Group membership
- Configure secure mode
Import and export data
- Import archived data
- Import hosts, users or devices
- Import admin users
- Import IP ranges
- CLI import tool
  - Create .csv files for device import
  - Import devices with the CLI tool
- Import port descriptions
- Export data
Topology view
- Topology tree contact status
- Control access
  - Containers
  - Network summary
- Customer icon
- Container icon
- Device view
- Device configuration
- Ports view
- SSID view
  - SSID configuration
  - Modify multiple SSIDs
- Logical networks
Hosts, adapters, and applications
- USB/Thunderbolt external Ethernet adapters
- Host view
- Adapter view
- Aging out host or user records
- Application view
Device identity
Containers view
- Configure container for devices
Network devices
- Network device groups
Groups view
- Add groups
- Copy a group
- Delete a group
- Limit user access with groups
- Modify a group
- Group membership
- Show group members
- Group in use
- Aging hosts in a group
- System groups
- Customer defined groups
Admin auditing
- Configuration
- Accessing the auditing log
Scheduler view
- Add a task
- Add other scheduled tasks
- Copy a task
- Delete a task
- Modify a task
- Run task now
Event management
- Enable and disable events
- Event thresholds
- Log events to an external log host
- Examples of syslog messages
- View events currently mapped to alarms
Events view
- Event notes
- Events and alarms list
Alarms view
- Show or hide alarm details
- Map events to alarms
- Add or modify alarm mapping
- Bulk modify alarm mappings
- Delete alarm mapping
Reports view
- Standard report templates
- Custom reports
- Schedule reports
- Archived reports
Scan results view
- Show details
- Archive and clear all scans
- Archive and clear selected scans
Connections view
CLI configuration
- Configuration in use
- Show configuration
- Port based and host based configurations
- Add or modify a configuration
- Sample configurations
- Implement configurations
- Port changes view
- Requirements for ACL based configurations
High availability
- Server communication
- Using a shared IP address (Layer 2)
- Servers on different subnets (Layer 3)
- Connectivity configuration
- Primary and secondary configuration
- Update software
- High availability concepts
- Troubleshooting tips
Receive data from external devices
Send SMS messages
Wireless security
- Auto-configured data
- SSID mappings
- Secure SSID for guest management
- Open SSID for guest management
- Secure SSID for device onboarding
- Open SSID for device onboarding
REST API
- API URLs
- Alarms
- Specific alarm
- Acknowledge alarm
- Containers - bulk
- Specific container
- Control tasks
- Control task items
- Control task - scan by endpoint ID
- Device identities
- Specific device identity
- Profiled devices
- Specific profiled devices
- Register a profiled device
- Device profiling rules
- Specific device profiling rule
- Endpoint
- Specific endpoint
- Endpoints - bulk
- Specific endpoint adapter
- Add or update an endpoint - FORM
- Add or update an dndpoint - JSON/XML
- Bulk add or update endpoints - JSON/XML
- Events
- Specific event
- Group
- Specific group
- Add or update a group
- Delete a group
- Specific network device
- Network devices - bulk
- Specific network port
- Service
- Scheduled tasks
- Run a scheduled task
- Specific scheduled task
- Users
- Add or update a user
- Add or update a user - FORM
- Add or update a user - JSON/XML
- Vendor OUIs
- Specific vendor OUI
- Troubleshooting REST API
Appendix A: Scan parameters
- Anti-Virus parameters - Windows
- Anti-Virus parameters - macOS
- Operating system parameters - Windows
- Operating systems parameters - macOS
Appendix B: Security event severity level mappings

Home FortiNAC 8.5.2 Administration Guide

8.5.2

Supplicant configurations

Supplicant Configurations define an SSID and security parameters required to configure the native supplicant available on a connecting host as part of its operating system. The Supplicant Configuration that is used for a particular host is determined by the pairing of a Supplicant Configuration and a User/Host Profile within a Supplicant Policy.

When a host connects to the network and requires the use of a supplicant, the host and user data are compared to each Supplicant Policy starting with the first policy in the list. When a policy is found where the host and user data match the User/Host Profile in the policy, that policy is applied. The Supplicant Configuration contained within that policy configures the supplicant on the host.

See Navigation and Filters for information on common navigation tools and data filters.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Name

User defined name for the Configuration.

SSID

Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied.

A host can have Supplicant Configurations stored for multiple SSIDs.

Security

Indicates the type of encryption that will be used for connections to this SSID. Options include:

Open
WEP (PSK)
WPA (PSK)
WPA2 (PSK)
WEP Enterprise (PEAP)
WPA Enterprise (PEAP)
WPA2 Enterprise (PEAP)

WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2.

Cipher

Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:

AES
NONE
TKIP

EAP Type

Currently only PEAP is supported.

Note

User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.

Last Modified By

User name of the last user to modify the record.

Last Modified Date

Date and time of the last modification to this configuration.

Right click options

Delete

Deletes the selected Supplicant Configuration.

In Use

Indicates whether or not the selected configuration is currently being used by any other FortiNAC element. See Configurations in use.

Modify

Opens the Modify Supplicant Configuration window for the selected configuration.

Show Audit Log

Opens the Admin Auditing Log showing all changes made to the selected item.

For information about the Admin Auditing Log, see Admin auditing.

You must have permission to view the Admin Auditing Log. See Add an admin profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF or RTF. See Export data.