To implement Passive Agent registration, you must complete the following tasks:
- Integrate your directory with FortiNAC. See Directories for configuration and integration information.
- Create one or more Passive Agent configurations. See Add or modify configuration.
- If the Passive Agent Configuration Modified event is enabled, the Event Log tracks each Passive Agentconfiguration as it is added, modified or removed. In addition, the user name of the user who made the changes and the current configuration settings are included in the event message. See Event management to enable or disable this event. See Events to view the event log.
- If you plan to scan users' computers when they log in, create one or more security policies. See Endpoint compliance policies.
- If you have more than one FortiNAC and you want to control which server responds to which hosts, configure IP address ranges for each server. See IP ranges .
Go to the Agent Distribution window and download the Passive Agent. It is recommended that you rename this file, and remove the spaces in the filename before you distribute it. See Agent packages.
- To scan user's computers the agent downloaded in the previous step must be set up to deploy or to be served to the host when the user logs into or off of the network. The agent can be served using Group Policy Objects, Desktop Management Software or any method that allows the network administrator to deploy and run the agent on a remote host as users login or logout of the domain. The method of deployment is up to the Network Administrator.
- If you choose to use Group Policy Objects to deploy the agent, you must also download the Administrative Templates provided on the Agent Distribution window, install them on your Windows Server and configure the appropriate settings. See Administrative templates for GPO.
- When the Passive Agent is run using a script, there are additional arguments that must be used to indicate whether the agent is attempting login or logout. See CLI arguments.