Fortinet Document Library

Administration Guide

Host registration and user authentication

A registered host is a device requiring network services that is displayed in the Host View and has an ID. Registered hosts have a record in the FortiNAC database and are known entities. There are several methods for registering hosts depending on the type of host.

  • Users connecting to the network with their computers or with a gaming device, such as an XBox, typically register their equipment through a web page. See
  • Rogue hosts connecting directly to the network, such as an alarm system or a security camera, can be registered automatically using device profiler or manually using the Register as Host or Register as Device options in the Host View. See Device profiler, Add or modify a host and Register a host as a device.
  • Hosts can be registered by importing their records from a .csv file into the database. See Import hosts, users or devices for more information.

Registered hosts have specific icons that represent the type of device or host that has been registered and their last known state. See Icons for a list of icons and their definitions.

If gaming devices are registered, they are automatically placed in the forced scan exceptions and forced authentication exceptions groups. This prevents them from being scanned or forced to authenticate when they are on the network.

An authenticated user is a network user that has entered a user name and password on a login page and been verified using an existing authentication method. Authentication methods include the local FortiNAC database, an LDAP directory, a RADIUS server or a combination in which a user is authenticated by a RADIUS server and registered using data in LDAP. An authenticated user has a specific icon in the user view that is separate from the icon representing their computer on the Host View.

A single computer can have more than one icon if it has more than one network interface. For example, if a user has a laptop computer with both wired and wireless access to the network, you may see several records and icons for that user and host combination: one record in the user view for the user, one record in the Host View for the computer itself, and two records in the adapter view for the wired and wireless adapters. The two network interfaces are called siblings because they reside on the same computer. If FortiNAC disables the host, both adapters are automatically disabled as well; an adapter is only disabled on its own when it is disabled manually.

Registration process

FortiNAC uses the host registration process to create registered hosts in its database. A registered host is a known entity that has an ID. Hosts can be computers, gaming devices, IP phones or any device that requires network services.

Existing host

A host attempts to connect to the network.

FortiNAC compares the host information with the host records in its database.

If the host record exists and has not been disabled, FortiNAC allows access to the network.

New host - captive portal

If the host record does not exist, a Registration web page is displayed, forcing the user to register the equipment.

The user selects the type of registration, such as guest, network user or gaming device.

On the next page, the user enters a user name and password. This provides identity for the computer or gaming device being registered.

If a computer is being registered, the security policy for this user may require that the user download an agent to scan the computer. See Determining host operating system.

When the computer has met all of the criteria of the scan, it is registered and allowed access to the network.

New host - Passive Agent registration

When a user logs on to or off of the network, a Passive Agent is served to the user's computer.

The computer is scanned and registered. See Passive Agent.

Registration logs

FortiNAC generates a log entry for each host that registers. A new log file is created for each day. The log is a delimited text file stored in the /home/cm/registration directory. The file name is RegistrationLog.mm.dd.yyyy, such as RegistrationLog.03.15.2009. The record for each host contains the following fields:

Data                     Description

First Name               User's first name as entered on the Registration page.
Last Name                User's last name as entered on the Registration page.
Login                    User's login for the network.
Hardware Type            How the hardware connects to the network; for example, wired or wireless.
Location                 Hardware's location on your network.
IP Address               IP address assigned to the hardware at that location.
Physical Address         MAC address of the hardware.
E-Mail                   E-mail address to be used to contact the user.
Position/Grade           Position of the user (for example, Professor or Administration), or grade of the student (for example, year of graduation).
Address                  User contact information as entered on the Registration page.
City                     User contact information.
State                    User contact information.
Zip/Postal Code          User contact information.
Phone                    User contact information.
PC Name                  Name of the PC.
PC Type                  Type of the PC; for example, server, laptop or desktop.
PC Serial Number         Serial number of the PC.
Registration Date/Time   Date and time the user and equipment were registered. The format is MM.DD.YYYY HH:MM:SS AM/PM; for example, 09.05.2008 09:45:33 AM.
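The registration log is the audit trail for who claimed which device on the portal, so it is worth parsing rather than reading by hand. The following is an added example, not FortiNAC code: it builds the documented daily file name, parses records in the documented field order, and flags a MAC address (the registered host's identity) that was registered under more than one login on the same day. The page says only that the file is "delimited"; the comma delimiter, the treatment of Address, City, State, Zip/Postal Code and Phone as five separate columns, and the sample log lines are all assumptions made for this example.

```python
"""Parse FortiNAC daily registration logs and flag suspicious registrations.

Added example, not FortiNAC's own code. Assumptions not stated on this page:
  * the delimiter is a comma (the page only says "delimited text file")
  * fields appear in the documented order, with Address, City, State,
    Zip/Postal Code and Phone as five separate columns
  * the sample lines below are constructed, not real log data
"""
from __future__ import annotations

import csv
import io
from collections import defaultdict
from datetime import date, datetime, timedelta

LOG_DIR = "/home/cm/registration"   # documented location
DELIMITER = ","                     # assumption, see module docstring

# Documented field order of one record.
FIELDS = [
    "first_name", "last_name", "login", "hardware_type", "location",
    "ip_address", "physical_address", "email", "position_grade",
    "address", "city", "state", "zip", "phone",
    "pc_name", "pc_type", "pc_serial_number", "registration_time",
]

# Documented timestamp format: MM.DD.YYYY HH:MM:SS AM/PM
TIME_FORMAT = "%m.%d.%Y %I:%M:%S %p"

# Constructed sample for one day (not real data). The first and third
# records share a MAC address but were registered under different logins.
SAMPLE_LOG = (
    "Alice,Smith,asmith,wired,Bldg A Switch 1 port 12,10.1.20.15,00:11:22:33:44:55,"
    "asmith@example.edu,Professor,1 Main St,Springfield,IL,62701,555-0100,"
    "ALICE-LT,laptop,SN123,03.15.2009 09:45:33 AM\n"
    "Bob,Jones,bjones,wireless,Bldg B AP 3,10.1.30.77,aa:bb:cc:dd:ee:ff,"
    "bjones@example.edu,2012,2 Elm St,Springfield,IL,62702,555-0101,"
    "BOB-PC,desktop,SN456,03.15.2009 10:02:10 AM\n"
    "Carol,Lee,clee,wired,Bldg A Switch 1 port 12,10.1.20.15,00:11:22:33:44:55,"
    "clee@example.edu,Administration,3 Oak St,Springfield,IL,62703,555-0102,"
    "CAROL-LT,laptop,SN789,03.15.2009 11:15:00 PM\n"
)


def log_filename(day: date) -> str:
    """Documented path of one day's log: RegistrationLog.mm.dd.yyyy."""
    return f"{LOG_DIR}/RegistrationLog.{day:%m.%d.%Y}"


def log_filenames(first: date, last: date) -> list[str]:
    """Paths for every day in [first, last], e.g. for a weekly review."""
    days = (last - first).days + 1
    return [log_filename(first + timedelta(days=n)) for n in range(days)]


def parse_registration_log(text: str) -> list[dict]:
    """Parse log text into dicts keyed by FIELDS; timestamps become datetimes.

    Rows with the wrong field count or an unparseable timestamp are skipped
    rather than raising, so one bad line does not stop review of the day.
    """
    records = []
    for row in csv.reader(io.StringIO(text), delimiter=DELIMITER):
        if len(row) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, row))
        rec["physical_address"] = rec["physical_address"].lower()
        try:
            rec["registration_time"] = datetime.strptime(
                rec["registration_time"], TIME_FORMAT)
        except ValueError:
            continue
        records.append(rec)
    return records


def macs_with_multiple_logins(records: list[dict]) -> dict[str, list[str]]:
    """MAC addresses registered under more than one login.

    The registered host is identified by its MAC; identity comes from the
    login typed on the portal. One MAC tied to several logins is worth a
    look: a shared machine, a re-registration, or someone registering a
    device they do not own.
    """
    logins: dict[str, set[str]] = defaultdict(set)
    for rec in records:
        logins[rec["physical_address"]].add(rec["login"])
    return {mac: sorted(names) for mac, names in logins.items() if len(names) > 1}


def registrations_for_login(records: list[dict], login: str) -> list[dict]:
    """All registrations performed with a given network login."""
    return [rec for rec in records if rec["login"] == login]


if __name__ == "__main__":
    recs = parse_registration_log(SAMPLE_LOG)
    print(log_filename(date(2009, 3, 15)), "->", len(recs), "records")
    for mac, names in macs_with_multiple_logins(recs).items():
        print("MAC", mac, "registered by:", ", ".join(names))
```

To run it against real logs, read each file returned by log_filenames() for the period under review and pass its contents to parse_registration_log(); confirm the actual delimiter on one line first, since the page does not state it.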
