Administration Guide

Scan on connect

FortiNAC allows you to configure Scans that scan hosts each time they connect to the network. The Scan on Connect option is enabled on individual Scans. You may have hosts that are scanned each time they connect and hosts with a different Scan that are scanned periodically.

Note: Scan on Connect can only be used on registered hosts that have the Persistent Agent installed. If you are using the Dissolvable Agent, this option is ignored.

When a host connects to the network, FortiNAC determines which endpoint compliance policy should be applied to this host based on the criteria in the associated user/host profile. If a registered host has the Persistent Agent installed and Scan on Connect is enabled for the Scan that applies to this host, then the host is scanned. When the host disconnects from the network, the Persistent Agent modifies that host's Scan on Connect status to indicate that the host should be scanned again the next time it connects. If the host has more than one interface, such as wired and wireless, the host is scanned regardless of which one is used.

Note: A rescan happens any time FortiNAC detects that the host has come online and the agent has communicated with the server, such as when a switch sends a linkdown/linkup trap.

To enable Scan on Connect, go to the Scans window, select the appropriate Scan, and enable the option. See Add or modify a scan for step-by-step instructions on creating a Scan and enabling Scan on Connect.
