Fortinet Document Library


Administration Guide


Aging

FortiNAC manages registered hosts, unregistered (rogue) hosts and users. The settings on the Aging view determine how long host and user records remain in the FortiNAC database.

Age times are used to calculate the Expiration Date and the Inactivity Date displayed on the Host Properties window. Age times for users are used to calculate the Expiration Date on the User Properties window for both network users and administrators that are not set to Never Expire. Modifying age times on this window does not affect those hosts, users or administrators whose Expiration and Inactivity date fields already contain data.

Once the specified time has elapsed for a record, it is removed from the database. These age times are global. Age times are applied to hosts and users as they are created and added to the database, and to existing hosts and users with no aging values set. Age times are applied to administrators with no aging values set that do not have the Never Expire option enabled.

Administrators that are assigned the System Administrator profile cannot be aged out.

Adding age times to existing hosts or users with no age times can cause some hosts or users to be removed from the database immediately, depending on the creation date of the database record. If, for example, the host or user creation date is 01/01/2010, today's date is 02/02/2010 and Days Valid is set to 5, then the Expiration Date calculated is 01/06/2010. The record is deleted immediately because the calculated expiration date has already passed.
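The calculation above can be run as a dry check before saving a new Days Valid value. This is an added example, not Fortinet code: it models only the rules stated on this page (creation date plus Days Valid, records with existing dates or Never Expire skipped, empty field disables aging). The record field names, the sample records and the treatment of an expiration date equal to today as already due are assumptions.

```python
from datetime import date, timedelta

# Constructed sample records; the field names are hypothetical and do not
# reflect any FortiNAC export format.
RECORDS = [
    {"name": "host-a", "created": date(2010, 1, 1), "expiration": None, "never_expire": False},
    {"name": "host-b", "created": date(2010, 1, 30), "expiration": None, "never_expire": False},
    {"name": "host-c", "created": date(2009, 6, 1), "expiration": date(2010, 12, 31), "never_expire": False},
    {"name": "host-d", "created": date(2009, 6, 1), "expiration": None, "never_expire": True},
]

def eligible(records):
    """Records a new global age time applies to: no dates set, not Never Expire."""
    return [r for r in records if not r["never_expire"] and r["expiration"] is None]

def dry_run(records, days_valid, today):
    """Map record name -> (calculated expiration date, deleted immediately?)."""
    if days_valid is None:  # empty field: global aging is disabled
        return {}
    result = {}
    for r in eligible(records):
        exp = r["created"] + timedelta(days=days_valid)
        # Assumption: an expiration date equal to today counts as already due.
        result[r["name"]] = (exp, exp <= today)
    return result

def smallest_safe_days_valid(records, today):
    """Smallest Days Valid that deletes no eligible record immediately."""
    ages = [(today - r["created"]).days for r in eligible(records)]
    return max(ages) + 1 if ages else 0

if __name__ == "__main__":
    today = date(2010, 2, 2)
    for name, (exp, gone) in dry_run(RECORDS, 5, today).items():
        print(name, exp.strftime("%m/%d/%Y"), "DELETED IMMEDIATELY" if gone else "kept")
    print("smallest safe Days Valid:", smallest_safe_days_valid(RECORDS, today))
```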

To reset dates on existing records, you must clear the dates using Clear. Then, enter new age times on this window and click Save Settings.

If users or hosts are set to never expire, clearing and resetting age times does not affect those records.

Age times can be overridden individually on the User or Host Properties window. The Set Expiration options on the Properties window allow you to set records to Never Expire. You can also use these settings to manage guests who will have access to the network for a limited time.

Aging a large number of hosts or users at the same time can cause processing delays with FortiNAC if users attempt to re-register within a short period of time of each other. It is recommended that you stagger the aging times to reduce the number of possible re-registrations at any given time.

  1. Click System > Settings.
  2. Expand the User/Host Management folder.
  3. Select Aging from the tree.
  4. Modify the settings shown in the table below.
  5. Click Save Settings.
Settings

| Field | Definition |
| --- | --- |
| Days Valid | Number of days a host record remains in the FortiNAC database before it is deleted. Host records are created when the host initially connects and is registered with the network. |
| Days Inactive | Number of days a host can be inactive before the host record is deleted from the database. |
| Clear Unregistered | Removes the Age Time Expiration Date and Inactivity Date that appear in the Host Properties for all unregistered hosts (i.e., rogues). |
| Clear Registered | Removes the Age Time Expiration Date and Inactivity Date that appear in the Host Properties for all registered hosts, except those set to Never Expire. Clear Registered also removes the Age Time Expiration Date and Inactivity Date for registered hosts with age times set based on group membership or set individually. You must set individual and group-based age times again after using Clear Registered. |
| Delete hosts registered to user upon expiration | If enabled, all hosts associated with a user are removed from the database when the user ages out of the database. |
| Days Valid (Users) | Number of days a user record remains in the FortiNAC database before it is deleted. User records are created when the user registers a host. |
| Days Inactive (Users) | Number of days a user can be inactive before the user record is deleted from the database. |
| Clear Aging Values for All Users | Removes the Age Time Expiration Date that appears in the User Properties for all users, except those set to Never Expire. |

The date on which the host record will be removed from the database is displayed in Properties. The date on which the user record will be removed from the database is displayed in User properties. The date on which an administrator will be removed from the database is displayed in Administrators.

Administrators never expire under any circumstances. These users must be removed manually from the Admin Users view.

If you leave these fields empty, global aging is disabled. Setting the value to zero causes the record to be removed the next time the server polls the network. See Aging out host or user records for additional information on aging.
