Fortinet black logo

Administration Guide

Endpoint compliance configurations

Copy Link
Copy Doc ID 2cb222d1-3405-11ea-9384-00505692583a:161887
Download PDF

Endpoint compliance configurations

Endpoint compliance configurations define agent and scan parameters for hosts and users. Hosts can be required to download an agent and undergo a scan, permitted access with no scan or denied access. The endpoint compliance configuration that is used for a particular host is determined by the pairing of an endpoint compliance configuration and a user/host profile within an endpoint compliance policy.

When a host is evaluated, the host, user and connection location are compared to each endpoint compliance policy starting with the first policy in the list. When a policy is found where the host and user data and the connection location match the user/host profile in the policy, that policy is assigned. The endpoint compliance configuration contained within that policy determines the security treatment received by the host.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Name

User defined name for the Configuration.

Scan

Name of the scan used to evaluate a connecting host.

Note

User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.

Collect Applications

If enabled, the agent assigned to the host will collect information about installed applications and add that information to the host record. An application inventory cannot be generated for a hosts unless an agent is in use.

Last Modified By

User name of the last user to modify the record.

Last Modified Date

Date and time of the last modification to this configuration.

Agent - OS

An Agent column is displayed for each operating system supported. The column contains the agent that will be used or treatment that applies to hosts with that operating system when the scan is applied. Some operating systems do not have agents and those hosts can only be allowed or denied access to the network. See Add or modify a configuration for information on the agent options for each operating system.

Right click options

Delete

Deletes the selected endpoint compliance configuration.

In Use

Indicates whether or not the selected configuration is currently being used by any other FortiNAC element. See Configurations in use.

Modify

Opens the Modify Endpoint Configuration window for the selected configuration.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Endpoint compliance configurations

Endpoint compliance configurations define agent and scan parameters for hosts and users. Hosts can be required to download an agent and undergo a scan, permitted access with no scan or denied access. The endpoint compliance configuration that is used for a particular host is determined by the pairing of an endpoint compliance configuration and a user/host profile within an endpoint compliance policy.

When a host is evaluated, the host, user and connection location are compared to each endpoint compliance policy starting with the first policy in the list. When a policy is found where the host and user data and the connection location match the user/host profile in the policy, that policy is assigned. The endpoint compliance configuration contained within that policy determines the security treatment received by the host.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Name

User defined name for the Configuration.

Scan

Name of the scan used to evaluate a connecting host.

Note

User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.

Collect Applications

If enabled, the agent assigned to the host will collect information about installed applications and add that information to the host record. An application inventory cannot be generated for a hosts unless an agent is in use.

Last Modified By

User name of the last user to modify the record.

Last Modified Date

Date and time of the last modification to this configuration.

Agent - OS

An Agent column is displayed for each operating system supported. The column contains the agent that will be used or treatment that applies to hosts with that operating system when the scan is applied. Some operating systems do not have agents and those hosts can only be allowed or denied access to the network. See Add or modify a configuration for information on the agent options for each operating system.

Right click options

Delete

Deletes the selected endpoint compliance configuration.

In Use

Indicates whether or not the selected configuration is currently being used by any other FortiNAC element. See Configurations in use.

Modify

Opens the Modify Endpoint Configuration window for the selected configuration.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.