Endpoint compliance policies for guests
Endpoint compliance policies, and the agents that run the associated scans, are assigned according to the rules contained in each policy. FortiNAC selects a scan and an agent by comparing guest and host data to the user/host profile in each policy, beginning with the policy ranked number 1 and continuing down the list until a match is found. When a match is found, the scan and agent are assigned and the guest's computer is scanned. To create a specific policy for guests, define a policy that searches for user data that only guests will match, and place it at the beginning of the list of policies.
Example 1
In this example the policy will apply to guests based on their Role. Create a policy that has the following settings:
User/host profile
- Where (Location): Leave this field blank.
- Who/What by Group: Leave this field blank.
- Who/What by Attribute: Add a filter for users. Within the filter, enable Role and enter the name of the Role assigned to guests. Typically the Role is named Guest, but you may have chosen to use a different Role for guests. Roles are assigned by the guest template used to create the guest account.
- When: Set to Always.
Scan
- Scan: Create a scan to evaluate guest computers for compliance.
Endpoint compliance configuration
- Scan: Select the scan you wish to apply to guests.
- Agent Tab: Select the agent that should be used.
Endpoint compliance policy
- User/Host Profile: Select the profile that determines who is assigned this policy.
- Endpoint Compliance Configuration: Select the configuration that determines the scan and agent used.
Example 2
In this example the policy will apply to guests based on their Security & Access Value. Create a policy that has the following settings:
User/host profile
- Where (Location): Leave this field blank.
- Who/What by Group: Leave this field blank.
- Who/What by Attribute: Add a filter for users. Within the filter enable Security & Access Value and enter the name of the Security & Access Value assigned to guests. These values are assigned by the guest template used to create the guest account.
- When: Set to Always.
Scan
- Scan: Create a scan to evaluate guest computers for compliance.
Endpoint compliance configuration
- Scan: Select the scan you wish to apply to guests.
- Agent Tab: Select the agent that should be used.
Endpoint compliance policy
- User/Host Profile: Select the profile that determines who is assigned this policy.
- Endpoint Compliance Configuration: Select the configuration that determines the scan and agent used.
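The rank-ordered, first-match selection described at the top of this page is the reason the guest policy in both examples must sit at the beginning of the list. The following is an added Python illustration, not FortiNAC code or its data format. The policy names, field names, the `guest-access` value, and the treatment of a blank field as "matches anything" are assumptions made for the model.

```python
# Simplified model of ranked, first-match policy selection (constructed data).

def profile_matches(profile, user):
    """A blank (None) filter matches anything; a set filter must equal the user's value."""
    return all(want is None or user.get(field) == want
               for field, want in profile.items())

def select_policy(policies, user):
    """Return the name of the first policy, in rank order, whose profile matches."""
    for policy in policies:  # list index 0 is rank 1
        if profile_matches(policy["profile"], user):
            return policy["name"]
    return None

def shadowed(policies):
    """Names of policies that can never be selected because a higher-ranked
    profile is at least as broad on every field."""
    hidden = []
    for i, low in enumerate(policies):
        for high in policies[:i]:
            if all(want is None or low["profile"].get(field) == want
                   for field, want in high["profile"].items()):
                hidden.append(low["name"])
                break
    return hidden

# Constructed sample policies and guest record.
GUEST = {"name": "Guest compliance",
         "profile": {"role": "Guest", "security_access_value": None}}
STAFF = {"name": "Staff compliance",
         "profile": {"role": "Staff", "security_access_value": None}}
CATCH_ALL = {"name": "Default compliance",
             "profile": {"role": None, "security_access_value": None}}
guest_user = {"role": "Guest", "security_access_value": "guest-access"}

wrong_order = [CATCH_ALL, GUEST]          # guest policy ranked below a catch-all
right_order = [GUEST, STAFF, CATCH_ALL]   # guest policy ranked number 1

if __name__ == "__main__":
    print(select_policy(wrong_order, guest_user))  # catch-all wins
    print(select_policy(right_order, guest_user))  # guest policy wins
    print(shadowed(wrong_order))                   # guest policy is unreachable
```

Running a shadowing check like this against an exported policy list is a quick way to confirm that a guest-specific scan is actually reachable after policies are re-ranked.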