Device profiler
Controls creation of rogue hosts from DHCP packets heard on the network.
Field |
Definition |
||
Create Rogues from DHCP packets |
When enabled, rogues will be created from information learned from DHCP packets heard on the network. It helps to quickly learn about hosts communicating on the network, but in some network environments it can add a large number of rogues hosts from unmanaged areas of the network. Default = true
|
||
Perform Active (NMAP) profiling without ICMP ping |
When enabled, Active NMAP scans will not perform a ICMP ping of the host prior to initiating the NMAP scan. This allows networks where ICMP is blocked to still do NMAP scanning. This is disabled by default as it could be a considerable performance drain scanning a large number of uncontactable hosts. Default = false |
||
FortiGuard IoT Query URL |
The URL for the API to which FortiNAC must connect to query IoT data from the FortiGuard IoT service. This information is used when profiling IoT devices using the Device Profiler method "FortiGuard". For a list of possible servers, click the "?" button next to the option. |
||
Enable FortiGuard IoT Collect Service |
When enabled, FortiNAC sends DHCP fingerprint information collected from IoT devices on the network to the FortiGuard IoT service. This improves the query results when profiling devices using the "FortiGuard" Device Profiler method. |
||
Proactive "Active" method profiling |
Enable this to automatically active endpoint (NMAP) fingerprints. User doesn't need to create a device profiling rule to identify devices |
||
Proactive "Fortiguard" method profiling |
Enable this to automatically create Fortiguard fingerprints. User doesn't need to create a device profiling rule to identify devices. |
||
FortiGuard Collect URL |
The URL for the API to which FortiNAC must connect to send IoT data. For a list of possible servers, click the "?" button next to the option. The possible servers are: Anycast: globaldevcollect.fortinet.net usdevcollect.fortinet.net eudevcollect.fortinet.net AWS: globaldevcollect2.fortinet.net usdevcollect2.fortinet.net eudevcollect2.fortinet.net Note: Users can input URL based on their region. For example, users from the European Union can use the URL with eu. |
- Click System > Settings.
- Expand the User/Host Management folder.
- Select Device Profiler from the tree.
- Use the check boxes to enable or disable the desired functions.
- Enter into the field the desired URL for the FortiGuard IoT service. For a list of options, click to the "?" button next to the field.
- Click Save Settings.