Administration Guide

What's new in FortiNAC 8.7.0
FortiNAC
- Introduction
- DNS configuration
- IPv6 support
- Login procedure
- Connection errors
- Internet access
- Licenses
- Navigation
- Menus
  - Manage bookmarks
  - User preferences
- Passwords
- Time stamps and time zones
- Analytics
- Icons
- Certificates
- Manage hosts and ports
- Locate
- Guest accounts
- Send messages to hosts
Dashboard
- Adding panels
- Alarms
- Host Summary
- User Summary
- Network Device Summary
- License Information
- Performance
- Persistent Agent Summary
- Security Summary
- Scans
- Summary
- Views
Settings
- Control
- Identification
- Network device
- Persistent Agent settings
- Reports
- Security
  - Portal SSL
  - Certificate management
- System communication
- System management
- Updates
- User/host management
Authentication
- Automatic authentication
- Google authentication
- Directories
- RADIUS
- Roaming guests
Portal configuration
- Splash page
- Portal content editor
- Multiple portals
- Configure authentication credentials
- Portal configuration - version 1 settings
- Content fields
Device profiler
- Process
- Implementation
- Rules
- Profiles for device managers
- Add an administrator
- Events and alarms
- Profiled devices
Monitor devices
- View and register known devices
- Learning about hosts on the network
- Isolate unknown devices
- Control access based on device types
- View logs and reports
- FortiGate sessions
Policies
- Policy assignment
- Policy details
- Policy simulator
- User/host profiles
- Portal policies
- Authentication policies
- Authentication configurations
  - Add or modify a policy
  - Delete a configuration
- Network access policies
- Network access configurations
- Endpoint compliance policies
- Endpoint compliance configurations
- Supplicant EasyConnect policies
- Supplicant configurations
- Remediation configurations
Scans
- Scan on connect
- Scan hosts without enforcing remediation
- Delayed remediation
- Add or modify a scan
- Delete a scan
- Scans in use
- Schedule a scan
- Custom scans
  - Create a scan
  - Scan categories
  - Windows
  - macOS
  - Linux
  - Severity level
  - Use case
- Scan parameters
Endpoint compliance
- Implementation
- Agent overview
- Dissolvable Agent
- Passive Agent
- Persistent Agent
- Mobile Agent
- Agent server communications
- Auto-definition updates
Role management
- Configuration
- Assigning roles
- Roles view
- Network device roles
  - Add role mappings
  - Modify or delete role mapping
Guest manager
- Implementation
- Guest/contractor templates
- Administrator profile
- Administrators
- Portal page setup
- Printer settings for guest badges
- Events and alarms
- Sponsors
- Guest/contractor login
- Using a kiosk
- Guest self registration
Automated Threat Response (ATR)
- Implementation
- Security rules
  - Add or modify a rule
  - Delete a rule
- Triggers
- Security actions
- Security alarms
- Security events
- Vendor severity levels
User View
- Configure table columns and tooltips
- Search settings
- User drill-down
- User properties
- Add or modify a user
- Delete a user
- Add users to groups
- Group membership
- Guest account details
- Set user expiration date
Administrator profiles
- Default administrator profiles
- Permissions list
- Add an administrator profile
- Modify administrator profiles
- Delete an administrator profile
- Copy an administrator profile
- Administrator profile mappings
Administrators
- Add an administrator
- Modify an administrator
- Delete an administrator
- Copy an administrator
- Modify an administrator profile
- User theme
- Limit access with groups
- Set privileges based on directory groups
- Add administrators to groups
- Group membership
- Configure secure mode
Import and export data
- Import archived data
- Import hosts, users or devices
- Import an administrator
- Import IP ranges
- CLI import tool
  - Create .csv files for device import
  - Import devices with the CLI tool
- Import port descriptions
- Export data
Topology
- Topology tree contact status
- Network summary
- Customer icon
  - Configure container for devices
  - Rename the customer icon
- Container icon
- Device view
- Device configuration
- Ports view
- SSID view
  - SSID configuration
  - Modify multiple SSIDs
- Logical networks
Hosts, adapters, and applications
- USB/Thunderbolt external Ethernet adapters
- Host View
- Adapter View
- Aging out host or user records
- Application view
Device identity
Containers
- Configure container for devices
Network devices
- Network device groups
Groups view
- Add groups
- Copy a group
- Delete a group
- Limit user access with groups
- Modify a group
- Group membership
- Show group members
- Group in use
- Aging hosts in a group
- System groups
- Customer defined groups
Admin auditing
- Configuration
- Accessing the auditing log
Scheduler
- Add a task
- Add other scheduled tasks
- Copy a task
- Delete a task
- Modify a task
- Run task now
Event management
- Enable and disable events
- Event thresholds
- Log events to an external log host
- Examples of syslog messages
- View events currently mapped to alarms
Events
- Event notes
- Events and alarms list
Alarms
- Show or hide alarm details
- Map events to alarms
- Add or modify alarm mapping
- Bulk modify alarm mappings
- Delete alarm mapping
Reports
- Standard report templates
- Custom reports
- Schedule reports
- Archived reports
Scan results view
- Show details
- Archive and clear all scans
- Archive and clear selected scans
Connections
CLI configuration
- Configuration in use
- Show configuration
- Port based and host based configurations
- Add or modify a configuration
- Sample configurations
- Implement configurations
- Port changes view
- Requirements for ACL based configurations
High availability
- Server communication
- Using a shared IP address (Layer 2)
- Servers on different subnets (Layer 3)
- Connectivity configuration
- Primary and secondary configuration
- Update software
- High availability concepts
- Troubleshooting tips
Receive data from external devices
Send SMS messages
Wireless security
- Auto-configured data
- SSID mappings
- Secure SSID for guest management
- Open SSID for guest management
- Secure SSID for device onboarding
- Open SSID for device onboarding

Home FortiNAC 8.7.0 Administration Guide

8.7.0

Application inventory

Application Inventory lists all of the programs found on a selected host either by a FortiNAC Windows, MAC, Linux, or Mobile Agent or an agent from an MDM Service that is integrated with FortiNAC.

Right-click a host in the Host View and select Host Applications.

The application inventory is not populated during the initial scan. Subsequent manual or scheduled scans will perform this function.

FortiNAC agents must be version 3.1 or higher to collect application data.

Settings

Field

Definition

Threat Score

The threat score assigned to the application.

This field appears only when the ATR license is enabled.

Operating System

Device operating system, such as iOS.

Operating System
Version

The operating system version for the device. (This information may not be available.)

Source

Source of the application data, such as an MDM Service.

Version

Operating system version.

Threat Override

Indicates whether an application as Trusted or Untrusted according to the threat score.

This field appears only when the ATR license is enabled.

Package Name

The namespace in which the application is run. (This information may not be available.)

Submit Date

The date when the application was last submitted to a Threat Analysis Engine.

This field appears only when the ATR license is enabled.

Host Count

The number of hosts that have the application.

Learned Time

Date and time that FortiNAC first learned about this device.

Last Updated

Date and time of the last update t this device in FortiNAC.

Name

Name of the installed application.

Vendor

Domain name of the application vendor.

Version

Version number of the installed application.

Learned Time

Date and time that FortiNAC first learned about this application.

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Set Threat Override

Marks an application as Trusted or Untrusted, overriding the existing threat score. The original threat score is not changed, and the override may be set back to "none". Users can also right-click in the Applications table to access this option.

This field appears only when the ATR license is enabled.