DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiTrust Identity
FortiPAM
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/ FortiOS
FortiGate-5000
/
6000
/
7000
NOC Management
FortiManager
/
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
/
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
/
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
/
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken
/
FortiToken Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
/
FortiSandbox Cloud
FortiNDR
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Application Delivery
FortiADC
/
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
/
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/ FortiOS
FortiAP / FortiWiFi
FortiExtender
/
FortiExtender Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Application Gateway
FortiGate/ FortiOS
FortiProxy
FortiADC
/
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
/
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
/
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Wireless
FortiAP / FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate / FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
/
FortiManager Cloud
FortiAnalyzer
/
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiEdge Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiToken Cloud
FortiTrust Identity
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiGate
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Search documents and hardware ...
Administration Guide
What's new in FortiNAC 8.6.0
FortiNAC
Introduction
DNS configuration
IPv6 support
Login procedure
Connection errors
Internet access
Licenses
Events and alarms
FortiNAC Control Manager
Evaluation license keys
Navigation
Filters
Search
Search and filter options
Find containers or devices
Menus
Manage bookmarks
User preferences
Passwords
Time stamps and time zones
Analytics
Icons
Certificates
Manage hosts and ports
Locate
Guest accounts
Send messages to hosts
Dashboard
Adding panels
Alarms
Host Summary
User Summary
Network Device Summary
License Information
Performance
Persistent Agent Summary
Security Summary
Scans
Summary
Views
Settings
Control
Access point management
Allowed domains
Web proxy
Quarantine
Identification
NAT detection
Rogue DHCP server detection
Vendor OUIs
Network device
Persistent Agent settings
Global updates
Credential configuration
Security management
Status notifications
Transport configurations
USB detection
Reports
Security
Portal SSL
Certificate management
System communication
Email settings
Log receivers
MDM services
Mobile providers
Patch management
Proxy settings
SNMP
Syslog management
Security event parsers
Trap MIB files
Vulnerability scanner
System management
Database archive
Backup or restore a database
License management
NTP and time zone
High availability
Power management
Backup to a remote server
System backups
Updates
Agent packages
Updating CentOS
System update
User/host management
Aging
Allowed hosts
Device profiler
MAC address exclusion
Authentication
Automatic authentication
Google authentication
Google Developer's Console
Add or modify account settings
Enable push notifications
Directories
Requirements
Structure and synchronization
Configuration
Delete a directory
Schedule synchronization
Preview
Create a keystore for SSL or TLS
RADIUS
Manage settings
802.1x environments
Order of precedence
Configure RADIUS settings
Set defaults
Set domain mappings
Configure local domain list
Failover process
Validate redundant RADIUS
Roaming guests
Portal configuration
Splash page
Portal content editor
Edit style sheets
Export portal content
Import portal content
Upload images
Sample portal page
Using special characters
Configuration
Host inventory
Multiple portals
Create a portal
Copy a portal
Select a default portal
Edit portal settings
Delete a portal
Configure authentication credentials
Portal configuration - version 1 settings
Content fields
Global properties
Registration
Authentication
Remediation
VPN portal
Isolation portal
Dead end portal
Policy failure portal
Agent portal
EasyConnect portal
Host Inventory Portal
Device profiler
Process
Implementation
Rules
Managing rules
Best practices
Adding a rule
Deleting a rule
Copying a rule
Evaluating rogue hosts
WinRM Device Profile Requirements and Setup
Profiles for device managers
Add an administrator
Events and alarms
Profiled devices
Monitor devices
View and register known devices
Learning about hosts on the network
Isolate unknown devices
Control access based on device types
View logs and reports
FortiGate sessions
Policies
Policy assignment
Policy details
Policy simulator
User/host profiles
Filter example
Profile example
Profiles in use
Delete a profile
Portal policies
Implementation
Manage policies
Add or modify a policy
Delete a policy
Authentication policies
Manage policies
Add or modify a policy
Delete a policy
When no profile or policy exists
Authentication configurations
Add or modify a policy
Delete a configuration
Network access policies
Implementation
Manage policies
Add or modify a policy
Delete a policy
Network access configurations
Add or modify a configuration
Configurations in use
Delete a configuration
Endpoint compliance policies
Determining host operating system
Add or modify a policy
Delete a policy
Endpoint compliance configurations
Add or modify a configuration
Configurations in use
Delete a configuration
Chaining configuration scans
Supplicant EasyConnect policies
Requirements
Manage policies
Add or modify a policy
Delete a policy
Supplicant configurations
Add or modify a configuration
Configurations in use
Delete a configuration
Remediation configurations
Add a scan
View scan status
Clear scanned hosts list
Modify or remove a scan
Scans
Scan on connect
Scan hosts without enforcing remediation
Delayed remediation
Add or modify a scan
Delete a scan
Scans in use
Schedule a scan
Custom scans
Create a scan
Scan categories
Windows
macOS
Linux
Severity level
Use case
Scan parameters
Antivirus parameters - Windows
Antivirus parameters - macOS
Operating system parameters - Windows
Operating systems parameters - macOS
Endpoint compliance
Implementation
Agent overview
Dissolvable Agent
Passive Agent
Registration
Manage configurations
Add or modify configuration
Delete configuration
Copy configuration
IP ranges
Test a directory user
Administrative templates for GPO
CLI arguments
Persistent Agent
Installion for Windows
Installation for macOS
Installation for Linux
Using the Persistent Agent
Using Windows domain logon credentials
GPO settings for high availability
Certificate validation
Upgrade the Persistent Agent
Logging
Mobile Agent
Agent server communications
SSL certificates
DNS server configuration
Agent server discovery
Persistent Agent on Windows
Persistent Agent on macOS
Persistent Agent on Linux
Host logging for agent security
Auto-definition updates
Role management
Configuration
Assigning roles
Roles view
Add a role
Modify or delete roles
Role in use
Network device roles
Add role mappings
Modify or delete role mapping
Guest manager
Implementation
Guest/contractor templates
Visitor types
Create templates
Endpoint compliance policies for guests
Modify templates
Copy templates
Delete templates
Administrator profile
Add a guest manager profile
Add a guest kiosk profile
Add a guest self registration profile
Administrators
Portal page setup
Printer settings for guest badges
Events and alarms
Sponsors
Guest/contractor accounts
Create guest/contractor accounts
Create bulk or multiple accounts
Bulk guest import
Provide login information
Conference accounts
Guest account details
Guest/contractor login
Using a kiosk
Kiosk browser
Log into a kiosk
Account creation
Account activation
Kiosk shut down
Guest self registration
Requesting an account
Approve or deny a request
Configure the email link
Self registration requests
Automated Threat Response (ATR)
Implementation
Security rules
Add or modify a rule
Delete a rule
Triggers
Add a trigger
Delete a trigger
Add or modify filters
Delete a filter
Security actions
Add or modify an action
Delete an action
Add or modify activities
Delete an activity
Security alarms
Security events
Vendor severity levels
User View
Configure table columns and tooltips
Search settings
User drill-down
User properties
Add or modify a user
Delete a user
Add users to groups
Group membership
Guest account details
Set user expiration date
Administrator profiles
Default administrator profiles
Permissions list
Add an administrator profile
Modify administrator profiles
Delete an administrator profile
Copy an administrator profile
Administrator profile mappings
Mappings process
Add or modify a mapping
Delete a mapping
Administrators
Add an administrator
Modify an administrator
Delete an administrator
Copy an administrator
Modify an administrator profile
User theme
Limit access with groups
Set privileges based on directory groups
Add administrators to groups
Group membership
Configure secure mode
Import and export data
Import archived data
Import hosts, users or devices
Sample import files
Import from a .csv file
Import from a previous version
Import an administrator
Import IP ranges
CLI import tool
Create .csv files for device import
Import devices with the CLI tool
Import port descriptions
Export data
Topology
Topology tree contact status
Network summary
Customer icon
Configure container for devices
Rename the customer icon
Container icon
Add or modify a device
Add or modify a pingable device
Add or modify the Palo Alto User-ID agent as a pingable
Convert all pingables to hosts
Discovery
Discovery results
Device view
Delete a device
Replace a device using the same IP address
Convert devices to hosts
Device group membership
Local management
Move a device to a different container
Network access/VLANs
Poll for contact status
Poll for L2 (hosts) information
L2 polling
L3 polling
Ports and hosts
Device properties
Modify multiple device properties
Pingable device properties
Resync interfaces
View role membership
Set device mapping for unknown SNMP devices
Update device mapping
Firewall session polling
Modifying Switch Components in a Stack
Device configuration
Delete a device
Resync interfaces
Model configuration
Global model configuration
Set CDP polling
Wired devices and 802.1X
Secure port/static port overview
Ports view
Update ports view
View connection details
Add ports to groups
Modify multiple ports
Group membership
Remove ports from multiple groups
Port properties
Port uplink types
SSID view
SSID configuration
Modify multiple SSIDs
Logical networks
Configuring logical networks
Assigning access values and CLI configurations
Configuring network access policies
Hosts, adapters, and applications
USB/Thunderbolt external Ethernet adapters
Host View
Settings
Drill-down settings
Properties
Host health and scanning
Application inventory
Add or modify a host
Delete a host
Enable or disable hosts
Add IP phones
Add hosts to groups
Group membership
Register a host as a device
Run the agentless scanner
Set host expiration date
Send a message to a host
Host registration and user authentication
Adapter View
View and search settings
Properties
Device identity
Enable or disable an adapter
Modify an adapter
Aging out host or user records
Application view
Device identity
Containers
Configure container for devices
Network devices
Network device groups
Groups view
Add groups
Copy a group
Delete a group
Limit user access with groups
Modify a group
Group membership
Show group members
Group in use
Aging hosts in a group
System groups
Customer defined groups
Admin auditing
Configuration
Accessing the auditing log
Scheduler
Add a task
Add other scheduled tasks
Copy a task
Delete a task
Modify a task
Run task now
Event management
Enable and disable events
Event thresholds
Log events to an external log host
Examples of syslog messages
View events currently mapped to alarms
Events
Event notes
Events and alarms list
Alarms
Show or hide alarm details
Map events to alarms
Add or modify alarm mapping
Bulk modify alarm mappings
Delete alarm mapping
Reports
Standard report templates
Preview standard report templates
Guest registrations report
Registrations report
Scan results report
Custom reports
Add a custom report
Preview a custom report
Modify a custom report
Remove a custom report
Schedule reports
Archived reports
Scan results view
Show details
Archive and clear all scans
Archive and clear selected scans
Connections
CLI configuration
Configuration in use
Show configuration
Port based and host based configurations
Add or modify a configuration
Sample configurations
Implement configurations
Apply a port based configuration via model configuration
Apply a host based configuration via the model configuration
Apply a CLI configuration using a role
Apply a CLI configuration using a network access policy
Apply a CLI configuration using a scheduled task
Port changes view
Requirements for ACL based configurations
Create the Cisco extended ACL
Apply the ACL to the physical interface
Poll the switch/router
High availability
Server communication
Using a shared IP address (Layer 2)
Servers on different subnets (Layer 3)
Connectivity configuration
Primary and secondary configuration
Update software
High availability concepts
Startup
Monitor
Control sequence
Recovery
Stop the primary server
Troubleshooting tips
Determine which appliance has the shared IP
Determine appliance status
Confirm database replication
Verify license key
Receive data from external devices
Send SMS messages
Wireless security
Auto-configured data
SSID mappings
Secure SSID for guest management
Open SSID for guest management
Secure SSID for device onboarding
Open SSID for device onboarding
REST API
API URLs
Alarms
Specific alarm
Acknowledge alarm
Containers - bulk
Specific container
Control tasks
Control task items
Control task - scan by endpoint ID
Device identities
Specific device identity
Profiled devices
Specific profiled devices
Register a profiled device
Device profiling rules
Specific device profiling rule
Endpoint
Specific endpoint
Endpoints - bulk
Specific endpoint adapter
Add or update an endpoint - FORM
Add or update an dndpoint - JSON/XML
Bulk add or update endpoints - JSON/XML
Events
Specific event
Group
Specific group
Add or update a group
Delete a group
Specific network device
Network devices - bulk
Specific network port
Service
Scheduled tasks
Run a scheduled task
Specific scheduled task
Users
Add or update a user
Add or update a user - FORM
Add or update a user - JSON/XML
Vendor OUIs
Specific vendor OUI
Troubleshooting REST API
Home
FortiNAC 8.6.0
Administration Guide
8.6.0
9.4.0
9.2.0
9.1.0
8.8.0
8.7.0
8.6.0
8.5.2
8.3.0
Run task now
Run task now
To run a scheduled action at any time:
Select
System > Scheduler
.
Use the filters to display a list of tasks.
Click the task to select it.
Click
Run Now
.
Previous
Next
Run task now
Run task now
To run a scheduled action at any time:
Select
System > Scheduler
.
Use the filters to display a list of tasks.
Click the task to select it.
Click
Run Now
.
Previous
Next
Home
Product Pillars
Network Security
Network Security
FortiGate / FortiOS
FortiGate 5000
FortiGate 6000
FortiGate 7000
FortiProxy
NOC & SOC Management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiMonitor
FortiGate Cloud
Enterprise Networking
Secure SD-WAN
FortiLAN Cloud
FortiSwitch
FortiAP / FortiWiFi
FortiAP-U Series
FortiNAC-F
FortiExtender
FortiExtender Cloud
FortiAIOps
Business Communications
FortiFone
FortiVoice
FortiVoice Cloud
FortiRecorder
FortiCamera
Zero Trust Access
ZTNA
Zero Trust Network Access
FortiClient EMS
SASE
FortiSASE
Identity
FortiAuthenticator
FortiTrust Identity
FortiToken Cloud
FortiToken
Cloud Security
Hybrid Cloud Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiFlex
Cloud Native Protection
FortiCNP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiWeb Cloud
FortiADC
FortiGSLB
FortiGuard ABP
SAAS Security
FortiMail
FortiMail Cloud
FortiCASB
Security Operations
SOC Platform
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
/
FortiSIEM Cloud
FortiSOAR
FortiPhish
Advanced Threat Protection
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiInsight
FortiInsight Cloud
FortiIsolator
Endpoint Security
FortiClient
FortiClient Cloud
FortiEDR
Best Practices
Solution Hubs
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Next Generation Firewall
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
4-D Resources
Secure SD-WAN
Zero Trust Network Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Hardware Guides
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP / FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiCache
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Product A-Z
AscenLink
AV Engine
AWS Firewall Rules
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAP / FortiWiFi
FortiAP-U Series
FortiAuthenticator
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiAuthProxy
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCASB
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiCNP
FortiConnect
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiCSPM
FortiCWP
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiEdge Cloud
FortiEDR/XDR
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate Cloud
FortiGate CNF
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGSLB
FortiGuard Advanced Bot Protection
FortiGuest
FortiHypervisor
FortiInsight
FortiInsight Cloud
FortiIPAM
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail
FortiMail Cloud
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRecon
FortiRecorder
FortiRPS
FortiSandbox
FortiSandbox Cloud
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSASE
FortiScanner
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSwitch
FortiSwitch Manager
FortiTap
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiToken Cloud
FortiTrust Identity
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWeb
FortiWeb Cloud
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiWLM
FortiZTP
IPS Engine
Lacework FortiCNAPP
Managed FortiGate Service
Overlay-as-a-Service
Security Awareness and Training
SOCaaS
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
What's new in FortiNAC 8.6.0
FortiNAC
Introduction
DNS configuration
IPv6 support
Login procedure
Connection errors
Internet access
Licenses
Events and alarms
FortiNAC Control Manager
Evaluation license keys
Navigation
Filters
Search
Search and filter options
Find containers or devices
Menus
Manage bookmarks
User preferences
Passwords
Time stamps and time zones
Analytics
Icons
Certificates
Manage hosts and ports
Locate
Guest accounts
Send messages to hosts
Dashboard
Adding panels
Alarms
Host Summary
User Summary
Network Device Summary
License Information
Performance
Persistent Agent Summary
Security Summary
Scans
Summary
Views
Settings
Control
Access point management
Allowed domains
Web proxy
Quarantine
Identification
NAT detection
Rogue DHCP server detection
Vendor OUIs
Network device
Persistent Agent settings
Global updates
Credential configuration
Security management
Status notifications
Transport configurations
USB detection
Reports
Security
Portal SSL
Certificate management
System communication
Email settings
Log receivers
MDM services
Mobile providers
Patch management
Proxy settings
SNMP
Syslog management
Security event parsers
Trap MIB files
Vulnerability scanner
System management
Database archive
Backup or restore a database
License management
NTP and time zone
High availability
Power management
Backup to a remote server
System backups
Updates
Agent packages
Updating CentOS
System update
User/host management
Aging
Allowed hosts
Device profiler
MAC address exclusion
Authentication
Automatic authentication
Google authentication
Google Developer's Console
Add or modify account settings
Enable push notifications
Directories
Requirements
Structure and synchronization
Configuration
Delete a directory
Schedule synchronization
Preview
Create a keystore for SSL or TLS
RADIUS
Manage settings
802.1x environments
Order of precedence
Configure RADIUS settings
Set defaults
Set domain mappings
Configure local domain list
Failover process
Validate redundant RADIUS
Roaming guests
Portal configuration
Splash page
Portal content editor
Edit style sheets
Export portal content
Import portal content
Upload images
Sample portal page
Using special characters
Configuration
Host inventory
Multiple portals
Create a portal
Copy a portal
Select a default portal
Edit portal settings
Delete a portal
Configure authentication credentials
Portal configuration - version 1 settings
Content fields
Global properties
Registration
Authentication
Remediation
VPN portal
Isolation portal
Dead end portal
Policy failure portal
Agent portal
EasyConnect portal
Host Inventory Portal
Device profiler
Process
Implementation
Rules
Managing rules
Best practices
Adding a rule
Deleting a rule
Copying a rule
Evaluating rogue hosts
WinRM Device Profile Requirements and Setup
Profiles for device managers
Add an administrator
Events and alarms
Profiled devices
Monitor devices
View and register known devices
Learning about hosts on the network
Isolate unknown devices
Control access based on device types
View logs and reports
FortiGate sessions
Policies
Policy assignment
Policy details
Policy simulator
User/host profiles
Filter example
Profile example
Profiles in use
Delete a profile
Portal policies
Implementation
Manage policies
Add or modify a policy
Delete a policy
Authentication policies
Manage policies
Add or modify a policy
Delete a policy
When no profile or policy exists
Authentication configurations
Add or modify a policy
Delete a configuration
Network access policies
Implementation
Manage policies
Add or modify a policy
Delete a policy
Network access configurations
Add or modify a configuration
Configurations in use
Delete a configuration
Endpoint compliance policies
Determining host operating system
Add or modify a policy
Delete a policy
Endpoint compliance configurations
Add or modify a configuration
Configurations in use
Delete a configuration
Chaining configuration scans
Supplicant EasyConnect policies
Requirements
Manage policies
Add or modify a policy
Delete a policy
Supplicant configurations
Add or modify a configuration
Configurations in use
Delete a configuration
Remediation configurations
Add a scan
View scan status
Clear scanned hosts list
Modify or remove a scan
Scans
Scan on connect
Scan hosts without enforcing remediation
Delayed remediation
Add or modify a scan
Delete a scan
Scans in use
Schedule a scan
Custom scans
Create a scan
Scan categories
Windows
macOS
Linux
Severity level
Use case
Scan parameters
Antivirus parameters - Windows
Antivirus parameters - macOS
Operating system parameters - Windows
Operating systems parameters - macOS
Endpoint compliance
Implementation
Agent overview
Dissolvable Agent
Passive Agent
Registration
Manage configurations
Add or modify configuration
Delete configuration
Copy configuration
IP ranges
Test a directory user
Administrative templates for GPO
CLI arguments
Persistent Agent
Installion for Windows
Installation for macOS
Installation for Linux
Using the Persistent Agent
Using Windows domain logon credentials
GPO settings for high availability
Certificate validation
Upgrade the Persistent Agent
Logging
Mobile Agent
Agent server communications
SSL certificates
DNS server configuration
Agent server discovery
Persistent Agent on Windows
Persistent Agent on macOS
Persistent Agent on Linux
Host logging for agent security
Auto-definition updates
Role management
Configuration
Assigning roles
Roles view
Add a role
Modify or delete roles
Role in use
Network device roles
Add role mappings
Modify or delete role mapping
Guest manager
Implementation
Guest/contractor templates
Visitor types
Create templates
Endpoint compliance policies for guests
Modify templates
Copy templates
Delete templates
Administrator profile
Add a guest manager profile
Add a guest kiosk profile
Add a guest self registration profile
Administrators
Portal page setup
Printer settings for guest badges
Events and alarms
Sponsors
Guest/contractor accounts
Create guest/contractor accounts
Create bulk or multiple accounts
Bulk guest import
Provide login information
Conference accounts
Guest account details
Guest/contractor login
Using a kiosk
Kiosk browser
Log into a kiosk
Account creation
Account activation
Kiosk shut down
Guest self registration
Requesting an account
Approve or deny a request
Configure the email link
Self registration requests
Automated Threat Response (ATR)
Implementation
Security rules
Add or modify a rule
Delete a rule
Triggers
Add a trigger
Delete a trigger
Add or modify filters
Delete a filter
Security actions
Add or modify an action
Delete an action
Add or modify activities
Delete an activity
Security alarms
Security events
Vendor severity levels
User View
Configure table columns and tooltips
Search settings
User drill-down
User properties
Add or modify a user
Delete a user
Add users to groups
Group membership
Guest account details
Set user expiration date
Administrator profiles
Default administrator profiles
Permissions list
Add an administrator profile
Modify administrator profiles
Delete an administrator profile
Copy an administrator profile
Administrator profile mappings
Mappings process
Add or modify a mapping
Delete a mapping
Administrators
Add an administrator
Modify an administrator
Delete an administrator
Copy an administrator
Modify an administrator profile
User theme
Limit access with groups
Set privileges based on directory groups
Add administrators to groups
Group membership
Configure secure mode
Import and export data
Import archived data
Import hosts, users or devices
Sample import files
Import from a .csv file
Import from a previous version
Import an administrator
Import IP ranges
CLI import tool
Create .csv files for device import
Import devices with the CLI tool
Import port descriptions
Export data
Topology
Topology tree contact status
Network summary
Customer icon
Configure container for devices
Rename the customer icon
Container icon
Add or modify a device
Add or modify a pingable device
Add or modify the Palo Alto User-ID agent as a pingable
Convert all pingables to hosts
Discovery
Discovery results
Device view
Delete a device
Replace a device using the same IP address
Convert devices to hosts
Device group membership
Local management
Move a device to a different container
Network access/VLANs
Poll for contact status
Poll for L2 (hosts) information
L2 polling
L3 polling
Ports and hosts
Device properties
Modify multiple device properties
Pingable device properties
Resync interfaces
View role membership
Set device mapping for unknown SNMP devices
Update device mapping
Firewall session polling
Modifying Switch Components in a Stack
Device configuration
Delete a device
Resync interfaces
Model configuration
Global model configuration
Set CDP polling
Wired devices and 802.1X
Secure port/static port overview
Ports view
Update ports view
View connection details
Add ports to groups
Modify multiple ports
Group membership
Remove ports from multiple groups
Port properties
Port uplink types
SSID view
SSID configuration
Modify multiple SSIDs
Logical networks
Configuring logical networks
Assigning access values and CLI configurations
Configuring network access policies
Hosts, adapters, and applications
USB/Thunderbolt external Ethernet adapters
Host View
Settings
Drill-down settings
Properties
Host health and scanning
Application inventory
Add or modify a host
Delete a host
Enable or disable hosts
Add IP phones
Add hosts to groups
Group membership
Register a host as a device
Run the agentless scanner
Set host expiration date
Send a message to a host
Host registration and user authentication
Adapter View
View and search settings
Properties
Device identity
Enable or disable an adapter
Modify an adapter
Aging out host or user records
Application view
Device identity
Containers
Configure container for devices
Network devices
Network device groups
Groups view
Add groups
Copy a group
Delete a group
Limit user access with groups
Modify a group
Group membership
Show group members
Group in use
Aging hosts in a group
System groups
Customer defined groups
Admin auditing
Configuration
Accessing the auditing log
Scheduler
Add a task
Add other scheduled tasks
Copy a task
Delete a task
Modify a task
Run task now
Event management
Enable and disable events
Event thresholds
Log events to an external log host
Examples of syslog messages
View events currently mapped to alarms
Events
Event notes
Events and alarms list
Alarms
Show or hide alarm details
Map events to alarms
Add or modify alarm mapping
Bulk modify alarm mappings
Delete alarm mapping
Reports
Standard report templates
Preview standard report templates
Guest registrations report
Registrations report
Scan results report
Custom reports
Add a custom report
Preview a custom report
Modify a custom report
Remove a custom report
Schedule reports
Archived reports
Scan results view
Show details
Archive and clear all scans
Archive and clear selected scans
Connections
CLI configuration
Configuration in use
Show configuration
Port based and host based configurations
Add or modify a configuration
Sample configurations
Implement configurations
Apply a port based configuration via model configuration
Apply a host based configuration via the model configuration
Apply a CLI configuration using a role
Apply a CLI configuration using a network access policy
Apply a CLI configuration using a scheduled task
Port changes view
Requirements for ACL based configurations
Create the Cisco extended ACL
Apply the ACL to the physical interface
Poll the switch/router
High availability
Server communication
Using a shared IP address (Layer 2)
Servers on different subnets (Layer 3)
Connectivity configuration
Primary and secondary configuration
Update software
High availability concepts
Startup
Monitor
Control sequence
Recovery
Stop the primary server
Troubleshooting tips
Determine which appliance has the shared IP
Determine appliance status
Confirm database replication
Verify license key
Receive data from external devices
Send SMS messages
Wireless security
Auto-configured data
SSID mappings
Secure SSID for guest management
Open SSID for guest management
Secure SSID for device onboarding
Open SSID for device onboarding
REST API
API URLs
Alarms
Specific alarm
Acknowledge alarm
Containers - bulk
Specific container
Control tasks
Control task items
Control task - scan by endpoint ID
Device identities
Specific device identity
Profiled devices
Specific profiled devices
Register a profiled device
Device profiling rules
Specific device profiling rule
Endpoint
Specific endpoint
Endpoints - bulk
Specific endpoint adapter
Add or update an endpoint - FORM
Add or update an dndpoint - JSON/XML
Bulk add or update endpoints - JSON/XML
Events
Specific event
Group
Specific group
Add or update a group
Delete a group
Specific network device
Network devices - bulk
Specific network port
Service
Scheduled tasks
Run a scheduled task
Specific scheduled task
Users
Add or update a user
Add or update a user - FORM
Add or update a user - JSON/XML
Vendor OUIs
Specific vendor OUI
Troubleshooting REST API