Administration Guide

Add or modify configuration

  1. Select Policy > Passive Agent Configuration.
  2. Click Add or select a configuration and click Modify.
  3. Refer to the table below for information on each option for this window.
  4. Click OK to save.

Agent selections contained within the endpoint compliance policy used to scan the host are ignored when the Passive Agent is used. The Passive Agent scan will only occur if there is a connected adapter, or if the scan name is provided in the Passive Registration Configuration.

Settings

| Field | Definition |
|---|---|
| Enable | Enables or disables this configuration. Disabled configurations are ignored when a user logs onto the network. |
| Name | Name for the configuration. |
| Apply to Members of Group | Directory group to which this configuration will be applied. Users within this group are registered in FortiNAC and scanned based on the rules in the associated configuration. If this is not enabled, the word Any is displayed on the list of configurations, indicating that the directory group is not used to select the appropriate configuration. It is recommended that such a configuration be ranked at the end of the list as a catch-all because it could apply to a large group of users. |
| Register As | Indicates whether the host will be registered as a host based on the login name of the user or based on the hostname as a device with no user association. |
| Scan Unless Previously Scanned Within | Enables scanning. The time interval determines whether or not the host is scanned the next time the user logs on or off. For example, if the time interval is one hour and the user logs out after 30 minutes, the host is not scanned again. If the user remains logged out for two hours and then logs back in again, the host is scanned because the time interval has been exceeded. Only login and logout after the selected time interval has elapsed trigger scans. |
| System Assigned Scan | If this option is selected, the endpoint compliance policy used to select the scan is determined by FortiNAC based on the user/host profile associated with the policy. |
| Specific Scan | If this option is selected, the scan in the drop-down list is used to scan the host regardless of the host state. Scans in the drop-down list are created in Policy Configuration under Endpoint Compliance. See Add or modify a scan. |
| Add To Groups | FortiNAC groups to which hosts are added as they log in. If new groups are added to the list, the host is added the next time the user logs in. If groups are removed from this field, the host is not removed from those groups automatically. You must remove the host manually from the Groups View. See Groups view. Click Select to view or modify the list of groups. On the Select Groups window, the All Groups column displays a list of available groups and the Selected Groups column displays a list of the groups to which hosts will be added. Use the arrows in the center of the window to move groups from one column to the other. |
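The ranking advice for Any configurations and the Scan Unless Previously Scanned Within interval can be checked offline with a small model. This is an added example, not FortiNAC code: the class, function names and sample data are hypothetical, and first-match selection in rank order is an assumption drawn from the ranking recommendation above.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class PassiveAgentConfig:
    """Hypothetical model of one row in the configuration list (not a FortiNAC API)."""
    name: str
    enabled: bool
    group: Optional[str]                  # None models "Any": no directory group selected
    rescan_interval: Optional[timedelta]  # None models scanning left disabled


def select_config(ranked, user_groups):
    """Assumed first-match selection in rank order; disabled rows are ignored."""
    for cfg in ranked:
        if cfg.enabled and (cfg.group is None or cfg.group in user_groups):
            return cfg
    return None


def should_scan(cfg, last_scan, event_time):
    """A login/logout event triggers a scan only once the interval has been exceeded."""
    if cfg is None or cfg.rescan_interval is None:
        return False
    return last_scan is None or event_time - last_scan > cfg.rescan_interval


def shadowed_configs(ranked):
    """Audit check: enabled rows ranked below an enabled "Any" row can never be selected."""
    shadowed, seen_any = [], False
    for cfg in ranked:
        if not cfg.enabled:
            continue
        if seen_any:
            shadowed.append(cfg.name)
        seen_any = seen_any or cfg.group is None
    return shadowed


# Constructed sample data: group names and intervals are illustrative only.
STAFF = PassiveAgentConfig("Staff", True, "Staff", timedelta(hours=1))
CONTRACTORS = PassiveAgentConfig("Contractors", False, "Contractors", timedelta(hours=1))
CATCH_ALL = PassiveAgentConfig("Catch-all", True, None, timedelta(hours=24))
RANKED = [STAFF, CONTRACTORS, CATCH_ALL]       # "Any" ranked last, as recommended
MISORDERED = [CATCH_ALL, STAFF, CONTRACTORS]   # "Any" first: Staff never matches

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 9, 0)  # constructed time of the last scan
    cfg = select_config(RANKED, {"Staff"})
    print(cfg.name, should_scan(cfg, t0, t0 + timedelta(minutes=30)))
    print(cfg.name, should_scan(cfg, t0, t0 + timedelta(hours=2, minutes=30)))
    print("shadowed when misordered:", shadowed_configs(MISORDERED))
```

A non-empty result from `shadowed_configs` means a group-specific configuration, with its own scan and group assignments, would never be applied under the assumed evaluation order.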
