Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Add or modify a pingable device

Use the Add Pingable Device option to add hubs, IPS/IDS, printers, servers, wireless access points and other pingable devices to a container. The Physical Address (MAC) is required when creating pingable devices if the IP to MAC cannot be resolved when the ARP tables are read.

Note

A device must be given a unique name in order to appear in Topology. You cannot add devices with duplicate names.

  1. Click Network Devices > Topology.
  2. Select the Container icon.
  3. Right-click a container and select Add Pingable Device or right-click on a pingable device in the Devices tab and select Modify.
  4. From the drop-down menu select the Container where this device will be stored. You can use the icon next to the Container field to add a new container.
  5. Use the tables below to create or modify the pingable device.
  6. Click OK.
Element tab settings

Field

Definition

Container

Container in the Topology where this device is stored.

Name

Name of the device

IP address

IP address of the device

Physical Address

The MAC address of the device.

Appears in the view only when the device is a pingable.

Device Type

Select the device type from the drop-down list.

Incoming Events

  • Not Applicable
  • Syslog
  • Security Events
    Available when ATR is configured.

When Syslog is selected, available syslog files appear that can be used by FortiNAC to parse information received from the external devices and generate an event.

When Security Events is selected, available security event parsers appear that can be used by FortiNAC to parse information received from the external devices and generate a security event.

See Security event parsers.

SSO Agent

  • Not Applicable
  • Custom Script
  • Palo Alto
  • RADIUS
  • iboss

Custom Script

Displayed when Custom Script is selected in the SSO Agent field. Allows you to write and select a script that will integrate with a SSO Agent that is not currently supported.

Apply to Group

Select this check box to apply the Custom Script SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

RADIUS Accounting Port

Displayed when RADIUS is selected in the SSO Agent field. Port on the Fortinet Single Sign-On User Agent configured to receive RADIUS Accounting messages from external devices. This port must match the port configured in Fortinet.

RADIUS Secret

Displayed when RADIUS is selected in the SSO Agent field. Must match the RADIUS secret configured for FortiNAC in Fortinet.

Apply to Group

Select this check box to apply the RADIUS SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

XML API Port

Displayed when Palo Alto User Agent is selected in the SSO Agent field. Port on the Palo Alto User Agent configured to receive messages from external devices. This port must match the XML API port configured on the Palo Alto User Agent.

See Add or modify the Palo Alto User-ID agent as a pingable.

Domain Name

Displayed when Palo Alto User Agent is selected in the SSO Agent field. FQDN for your network users' domain. This is sent with the logged in user ID to Palo Alto.

Use Integrated Agent

When selected, FortiNAC will integrate with the firewall directly.

API Key

Displayed when the Use Integrated Agent check box is selected. Enter the API Key value. The key can be retrieved manually or by select Retrieve.

Apply to Group

Select this check box to apply the Palo Alto SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

iboss Port

Displayed when iboss is selected in the SSO Agent field. The iboss port is the iboss HTTP port that is used to talk to the iboss SSO agent. The iboss port is defined in the iboss SSO GUI.

iboss Key

Displayed when iboss is selected in the SSO Agent field. The iboss key is a security key used to talk to the iboss SSO agent.The iboss key is defined in the iboss SSO GUI.

iboss Domain

Displayed when iboss is selected in the SSO Agent field. The iboss Domain is a required field that allows the user to enter their Active Directory domain name.

Apply to Group

Select this check box to apply the iboss SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

Role

The Role for this device. Available roles appear in the drop-down list.

Description

Description of the device entered by the Administrator.

Note

User specified notes about the device.

Contact Status Polling

Enable or disable contact status polling for the selected device.

Poll Interval

Determines how often the device should be polled for communication status. Time is stored in minutes.

Poll Now

Polls the device immediately for contact status.

Last Successful Poll

Date and time that the device was last polled successfully.

Last Attempted Poll

Date and time that the device was last polled.

Details tab settings

Field

Definition

Host Name

Name of the device.

Department

Name of the department.

Owner

Name of the owner of the device.

Administrative Contact

Administrative contact person for the device.

Geographical Location

Geographical location of the device (for example, Res Hall A, Equipment Closet 1st Floor, Rack 2, Unit 3).

Business Purpose

Business purpose of the device.

BOOTP Address

IP address for the BOOTP Protocol.

Print Queue

Name of the print queue for the device.

Add or modify a pingable device

Use the Add Pingable Device option to add hubs, IPS/IDS, printers, servers, wireless access points and other pingable devices to a container. The Physical Address (MAC) is required when creating pingable devices if the IP to MAC cannot be resolved when the ARP tables are read.

Note

A device must be given a unique name in order to appear in Topology. You cannot add devices with duplicate names.

  1. Click Network Devices > Topology.
  2. Select the Container icon.
  3. Right-click a container and select Add Pingable Device or right-click on a pingable device in the Devices tab and select Modify.
  4. From the drop-down menu select the Container where this device will be stored. You can use the icon next to the Container field to add a new container.
  5. Use the tables below to create or modify the pingable device.
  6. Click OK.
Element tab settings

Field

Definition

Container

Container in the Topology where this device is stored.

Name

Name of the device

IP address

IP address of the device

Physical Address

The MAC address of the device.

Appears in the view only when the device is a pingable.

Device Type

Select the device type from the drop-down list.

Incoming Events

  • Not Applicable
  • Syslog
  • Security Events
    Available when ATR is configured.

When Syslog is selected, available syslog files appear that can be used by FortiNAC to parse information received from the external devices and generate an event.

When Security Events is selected, available security event parsers appear that can be used by FortiNAC to parse information received from the external devices and generate a security event.

See Security event parsers.

SSO Agent

  • Not Applicable
  • Custom Script
  • Palo Alto
  • RADIUS
  • iboss

Custom Script

Displayed when Custom Script is selected in the SSO Agent field. Allows you to write and select a script that will integrate with a SSO Agent that is not currently supported.

Apply to Group

Select this check box to apply the Custom Script SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

RADIUS Accounting Port

Displayed when RADIUS is selected in the SSO Agent field. Port on the Fortinet Single Sign-On User Agent configured to receive RADIUS Accounting messages from external devices. This port must match the port configured in Fortinet.

RADIUS Secret

Displayed when RADIUS is selected in the SSO Agent field. Must match the RADIUS secret configured for FortiNAC in Fortinet.

Apply to Group

Select this check box to apply the RADIUS SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

XML API Port

Displayed when Palo Alto User Agent is selected in the SSO Agent field. Port on the Palo Alto User Agent configured to receive messages from external devices. This port must match the XML API port configured on the Palo Alto User Agent.

See Add or modify the Palo Alto User-ID agent as a pingable.

Domain Name

Displayed when Palo Alto User Agent is selected in the SSO Agent field. FQDN for your network users' domain. This is sent with the logged in user ID to Palo Alto.

Use Integrated Agent

When selected, FortiNAC will integrate with the firewall directly.

API Key

Displayed when the Use Integrated Agent check box is selected. Enter the API Key value. The key can be retrieved manually or by select Retrieve.

Apply to Group

Select this check box to apply the Palo Alto SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

iboss Port

Displayed when iboss is selected in the SSO Agent field. The iboss port is the iboss HTTP port that is used to talk to the iboss SSO agent. The iboss port is defined in the iboss SSO GUI.

iboss Key

Displayed when iboss is selected in the SSO Agent field. The iboss key is a security key used to talk to the iboss SSO agent.The iboss key is defined in the iboss SSO GUI.

iboss Domain

Displayed when iboss is selected in the SSO Agent field. The iboss Domain is a required field that allows the user to enter their Active Directory domain name.

Apply to Group

Select this check box to apply the iboss SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

Role

The Role for this device. Available roles appear in the drop-down list.

Description

Description of the device entered by the Administrator.

Note

User specified notes about the device.

Contact Status Polling

Enable or disable contact status polling for the selected device.

Poll Interval

Determines how often the device should be polled for communication status. Time is stored in minutes.

Poll Now

Polls the device immediately for contact status.

Last Successful Poll

Date and time that the device was last polled successfully.

Last Attempted Poll

Date and time that the device was last polled.

Details tab settings

Field

Definition

Host Name

Name of the device.

Department

Name of the department.

Owner

Name of the owner of the device.

Administrative Contact

Administrative contact person for the device.

Geographical Location

Geographical location of the device (for example, Res Hall A, Equipment Closet 1st Floor, Rack 2, Unit 3).

Business Purpose

Business purpose of the device.

BOOTP Address

IP address for the BOOTP Protocol.

Print Queue

Name of the print queue for the device.