Settings
The Settings View provides access to global system configuration options, such as Aging properties to remove hosts and users from the database or email settings for emailing users and administrators.
The Settings View is navigated using the tree control on the left side. The top level of the hierarchy represents the general configuration area, such as Authentication or System Communication. These areas are used to group similar functions. When a top level option such as Authentication is selected, the panel on the right contains a list of links to options that can be configured. For example, if Authentication is selected, the links provided include: Google, LDAP and RADIUS, and Roaming Guests. These options are also displayed below Authentication in the tree.
Use the Flat View button above the tree to list all of the options in alphabetical order instead of grouped in folders. Use the + Expand All and - Collapse All buttons at the top of the tree to open and close all of the folders. Click on the + symbol next to a folder to open it. Click on the - symbol to close the folder. Click on an option to display the corresponding configuration panel on the right.
Options
Option |
Description |
Authentication |
|
|
Use Google to configure the connection to authenticate using a Google account. |
LDAP |
Configure the connection with one or more LDAP directories for user authentication. See Directories and Configuration. |
RADIUS |
Set up RADIUS servers for authentication. See RADIUS. |
Roaming Guests |
Set up a list of local domains. Users with login credentials that contain domains outside the list are treated as Roaming Guests. See Roaming guests. |
Control |
|
Access Point Management |
Provides the ability to manage hosts connected to hubs using DHCP as a means to control or restrict host access. |
Allowed Domains |
Specify the domains and Production DNS Server that isolated hosts use to gain access to network locations. See Allowed domains. |
Quarantine |
When Quarantine VLAN Switching is set to Enable and the ports are in the Forced Remediation Group,FortiNAC switches unregistered hosts that are being scanned to the Quarantine VLAN until the scan process is completed. See Quarantine. |
Identification |
|
NAT Detection |
Enter the IP ranges where FortiNAC will allow NAT'd hosts. IP addresses outside this range could be NAT'd hosts and can generate an event and an alarm to notify the network administrator. See NAT detection. |
Rogue DHCP Server Detection |
Monitors approved DHCP servers operation and detects rogue DHCP servers on the network using a dedicated interface on the (Undefined variable: User_Guide.ProductAbbrev) appliance. It defines a scheduled task to run and search specific VLANs and discover all active entities serving IP addresses. This task compares the discovered DHCP servers against a list of authorized DHCP servers and triggers corresponding events when there is no match. |
Vendor OUIs |
Allows you to modify the Vendor OUI database, which is used to determine whether or not a MAC address is valid or by Device Profiler to profile devices by OUI. The database is updated periodically through the Auto Definition update process. See Vendor OUIs. |
Network Device |
|
Network Device |
Set global properties that are specific to network devices and VLANs. See Network device. |
Persistent Agent |
|
Agent Update |
Enable Persistent Agent updates by Operating System, schedule agent updates and add hosts to the list of Update Exceptions. You can update agents on both platforms simultaneously or separately. See Global updates |
Credential Configuration |
Configure how credentials are verified for hosts who use the Persistent Agent. |
Security Management |
Configure the FortiNAC server name of the server for Persistent Agent communication, enable or disable display notifications to the host, configure Header and footer text for the Persistent Agent Authentication page and Status messages in the message box on the user's desktop. See Security management. |
Status Notifications |
Configure how users are notified of their host status when the Persistent Agent contacts the FortiNAC server. See Status notifications. |
Reports |
|
Local Reporting |
Set record limits for reports to prevent the server from being overloaded. See Reports. |
Analytics |
Configure the connection between the FortiNAC server and the cloud reporting Analytics server. This connection allows an agent on the FortiNAC server to push data for reporting to an external server based on a user-defined schedule. See Reports. |
Security |
|
Portal SSL |
Enable or disable the use of SSL Certificates in the Portal or for Agent server communications. See Portal SSL. |
System Communication |
|
Email Settings |
Enter settings for your email server. This allows FortiNAC to send email to Administrators and network users. See Email settings. |
Log Receivers |
Configure a list of servers to receive event and alarm messages from FortiNAC. See Log receivers. |
MDM Services |
Configure one or more Mobile Device Management (MDM) servers that integrate with FortiNAC. See MDM services. |
Mobile Providers |
Displays the default set of Mobile Providers included in the database. FortiNAC uses the Mobile Providers list to send SMS messages to guests See Mobile providers. |
Patch Management |
The Patch Management feature allows integration with Patch servers such as BigFix or PatchLink. See Patch management. |
Proxy Settings |
Configure FortiNAC to direct web traffic to a proxy server in order to download OS updates and auto-definition updates. |
SNMP |
Set the SNMP protocol for devices that query FortiNAC for information. See SNMP. |
Syslog Files |
Syslog Files that you create and store are used by FortiNAC to parse the information received from these external devices and generate an event. The event can contain any or all of the fields contained in the syslog output and can be mapped to an Alarm and an Alarm action. See Syslog management and Map events to alarms. |
Trap MIB Files |
Enter configurations to interpret SNMP trap MIB information sent from a device and associate it with events and alarms in FortiNAC. See Trap MIB files and Map events to alarms. |
System Management |
|
Database Archive |
Set the age time for archived data files and configure the schedule for the Archive and Purge task. See Database archive. |
Database Backup/Restore |
Schedule database backups, configure how many days to store local backups, and restore a database backup. Note that this restores backups on the FortiNAC server, not backups on a remote server. |
High Availability |
Configuration for Primary and Secondary appliances for High Availability. Saving changes to these settings restarts both the Primary and Secondary servers. See High availability. |
License Management |
View or modify the license key for this server or an associated Application server. |
NTP And Time Zone |
Reset the time zone and NTP server for your FortiNAC appliances. Typically the time zone and NTP server are configured using the Configuration Wizard during the initial appliance set up. Requires a server restart to take effect. See NTP and time zone. |
Power Management |
Reboot or power off the FortiNAC server. In the case of a FortiNAC Control Server / Application Server pair, reboot or power off each server individually. See Power management. |
Remote Backup Configuration |
Configure Scheduled Backups to use a remote server via FTP and/or SSH. |
System Backups |
Create a backup of all system files that are used to configure FortiNAC. See System backups. |
Updates |
|
Agent Packages |
Displays a list of the Dissolvable, Persistent and Passive Agent versions available on your (Undefined variable: User_Guide.ProductFamily) appliance. Download new agents and add them to FortiNAC as they become available from Fortinet using the Download button. Download an Administrative template for GPO configuration to your PC from the (Undefined variable: User_Guide.ProductFamily)appliance using the links at the top of the view. See Agent packages. |
Operating System |
Use Operating System Updates to download and install updates to the operating system on FortiNAC servers. See Updating CentOS. |
System |
Use System Updates to configure download settings, download updates from Fortinet, install updates and view the updates log. See System update. |
User/Host Management |
|
Aging |
Configure default settings to age users and hosts out of the database. See Aging. |
Allowed Hosts |
Configure the default number of hosts that can be registered to a user. See Allowed hosts. |
Device Profiler |
Enable or Disable creating rogues from DHCP packets heard on the network. See Device profiler. |
MAC Address Exclusion |
Lists the MAC addresses that can be ignored by FortiNAC when they connect to the network. These addresses will not be treated as rogues and will be allowed on the production network. |