Administration Guide

Import hosts, users or devices

Hosts, users or devices can be imported into the database from a .csv (comma separated value) file. Devices imported through the Host View are displayed in the Host View.

Create an import file

To add hosts, users, devices or IP phones, create a comma separated value (.csv) file using any text editor or spreadsheet tool. If you are using a text editor to create the file, use commas to separate the fields when you enter the data. Use carriage returns to separate records. You can mix the types of records you are importing. For example, you can import hosts, users and IP phones in the same file as long as you have all of the appropriate fields in the header row.

To add hosts or devices, create a comma separated value (.csv) file using any text editor or spreadsheet tool. If you are using a text editor to create the file, use commas to separate the fields when you enter the data. Use carriage returns to separate records.

The first row in the file is a header row and must contain a comma separated list of the database field names that are included in the import file. The order of the fields does not matter. For example, to import hosts and their corresponding adapters the header row could have the following fields:

adap.mac,adap.ip,host.owner,host.host,siblings

Unless otherwise specified, data type is a string with no size limitations. Fields are case sensitive. For example, if you have user IDs SMITH123 and Smith123, the database treats these as two separate user records.

If you import something that already exists in the database, the existing record is updated with the new data from the import. For example, assume the database contains a host record with MAC address A0:11:22:BE:44:2C, IP address 192.168.10.102 and host name Taylor1 and you import a record that has MAC address A0:11:22:BE:44:2C, IP address 192.168.5.10 and host name Jones1. The MAC address remains the same since that is the key, but the other fields are updated. The database now contains a host record with MAC address A0:11:22:BE:44:2C, IP address 192.168.5.10 and host name Jones1.

Imported data is displayed on multiple views. Adapter data is displayed on the Adapter View and in Adapter Properties. Host data is displayed in the Host View, in Host Properties. User data is displayed in the User View and User Properties.

The table below lists all of the possible import data fields by the name that should be used in the header row, indicates which fields are required and provides a definition for each field.

Fields

Each entry below gives the header field, what it is required for (where applicable), and the Properties field with its definition.

Adapter

adap.ip

IP address: IP address of the adapter. Use a valid IP format, such as 127.0.0.1.

adap.mac

Required for: host

Physical Address: MAC address of the adapter. Use a valid MAC format, such as 00:19:D1:94:5C:06.

adap.loc

Location: The switch and port where the adapter is connected to the network.

adap.media

Media Type: Network interface type (wired or wireless).

adap.accessVal

Access Value: VLAN to which the adapter is assigned.

adap.descr

Description: Description of the adapter, such as Intel(R) 82566DM Gigabit Network Connection.

adap.venName

Vendor Name: Name of the vendor for the adapter based on the first three octets of the MAC address, such as Intel Corporation. Vendor OUIs are stored in the database and can be viewed through the Vendor OUI screen. See Vendor OUIs.

Host view

host.host

Host Name: Name of the host.

host.role

Role: Roles are attributes on hosts that can be used as filters by FortiNAC when selecting a network access policy, an endpoint compliance policy or a Supplicant EasyConnect Policy. The role must be defined in FortiNAC and must be the same spelling and case. If the role field is blank or is not included in the import the host is assigned to the NAC-Default role.

host.owner

Registered User: User ID of the host's owner. On import FortiNAC checks for the user in its own database and in the LDAP directory. If the user does not exist a new user record is created. If the user does exist the user is connected to the host.

host.expireDate

Expiration Date: Date that the host is aged out of the database. Date format is MM/dd/yy HH:mm AM/PM Timezone, for example 04/07/10 08:11 AM EST. If not included in the import, the global setting in FortiNAC Properties is used. See Aging.

The value "Never" can be used to prevent a host from ever being removed from the database by the aging process.

Host age times are evaluated every ten minutes. If you specify a date and time, the host may not be removed from the database for up to ten minutes after the time selected.

host.inact

Days Inactive: Number of days the host can be inactive before being aged out. This number is used to calculate the date to age the host out of the database. If not included in the import, the global setting in FortiNAC Properties is used. See Aging.

To avoid using the default settings you must enter a number in this field. You can use a very large number to ensure that the host is not deleted, such as 1825 Days (equals five years). Make sure that there is a space between the number and the word Days. The format for the value must be as follows:

xxx Days

1825 Days

host.sn

Serial Number: Serial number of the host.

host.hwType

Hardware Type

host.os

Operating System: Host's operating system such as Windows XP or macOS.

Note

Only hosts that have an operating system listed in Host Properties are rescanned at the scheduled rescan time. Valid operating systems include: Windows or Mac.

host.agentTag

Asset Tag: Arbitrary value assigned in the BIOS by the owner or manufacturer.

host.agentVer

Agent Version: Version number of the Persistent Agent installed on the host.

host.hasAgent

Persistent Agent: Indicates whether or not the host has an agent installed. Use true or false. If the field is left blank, the default is false.

host.notes

Notes: Data is imported into the Notes field in Host Properties.

host.topo

Required for: host, if importing into Topology

Topology: Container in Topology where this host should be placed on import. This field is required if importing into Topology. Host is managed by the Host View but displays in both the Host View and the Topology.

host.dirPolVal

Security And Access Value: Security and Access Value is an attribute used as a filter for user/host profiles. Typically this is a value that comes from the user record in the directory. However, if you are not authenticating through a directory or if this host does not have an owner, the Security and Access Value can be entered manually.

host.devType

Device Type: Must be one of the following device types or blank:

  • Alarm System
  • Android
  • Apple iOS
  • Camera
  • Card Reader
  • Cash Register
  • Dialup Server
  • Environmental Control
  • Gaming Device
  • Generic Monitoring System
  • Health Care Device
  • Hub
  • IP Phone
  • Linux
  • macOS
  • Mobile Device
  • Network
  • PBX
  • Pingable
  • Printer
  • Registered Host
  • Server
  • StealthWatch
  • Top Layer IPS
  • Unix
  • UPS
  • Vending Machine
  • Windows
  • Wireless Access Point
  • VPN
  • IPS / IDS

siblings

Siblings: Adapters that are on the same host are siblings. For example, if a PC has a wireless adapter and a wired adapter, those adapters are siblings.

Enter the MAC addresses of all of the adapters for this host separated by semi-colons (;). See the example below:

00:15:70:CA:7D:01;00:15:70:CA:7D:00

Each adapter must have a separate record in the .csv file, with a siblings field listing all of the adapters on the host.

Some device types may have only one adapter, such as IP Phones. To import those devices, include the MAC address of the single adapter in the siblings field with no semi-colon.

User

authType

Local: local user

RADIUS: RADIUS user

LDAP: LDAP user

Note

If "authType" is set to "LDAP", the user record will sync with the directory.

user.fn

User's first name.

user.ln

User's last name.

user.uid

Required for: user

ID: Unique alphanumeric user ID.

If a directory is used for authentication, when the FortiNAC database is synchronized with the directory, data for users with matching IDs is overwritten with data from the directory. For example, if you import a user with ID AB118 named Ann Brown and the directory contains a record of AB118 as Andrew Bowman, then your database shows AB118 Andrew Bowman.

user.email

User's e-mail address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

user.addr

User's mailing address.

user.city

User's city.

user.st

User's state.

user.zip

User's postal code.

user.ph

User's telephone number.

user.title

User's title.

user.role

Role: Roles are attributes on users that can be used as filters by FortiNAC when selecting a network access policy, an endpoint compliance policy or a Supplicant EasyConnect Policy. The role must be defined in FortiNAC and must be the same spelling and case. If the role field is blank or is not included in the import the host is assigned to the NAC-Default role.

user.notes

Notes: Data is imported into the Notes field in User Properties.

user.pw

Password: Password for this user.

user.dirPolVal

Security And Access Value: Security and Access Value is an attribute of a user that can be used as a filter for user/host profiles. Typically this is a value that comes from the user record in the directory. However, if you are not authenticating through a directory the Security and Access Value can be entered manually.

user.expireDate

Expiration Date: Date that the user is aged out of the database. Date format is MM/dd/yy HH:mm AM/PM Timezone, for example 04/07/10 08:11 AM EST.

user.maxHosts

Allowed Hosts: Maximum number of hosts that can be associated with or registered to this user and connect to the network.

user.delHosts

Delete Associated Hosts: Indicates whether or not hosts registered to this user should be deleted when the user is aged out of the database. Enter either Yes or No. This data displays on the User Properties window in the Time section and is set when the expiration date is set.

Importing this field requires that you also include user.expireDate in your import file. If you do not include user.expireDate, the user.delHosts field data is not imported.

user.smsNum

Mobile Number: User's mobile phone number. This can be used to send SMS Messages based on events and alarms.

user.smsPro

Mobile Provider: The carrier or provider for the user's mobile phone. This must match the name of one of the providers in the Mobile Providers list in the database. See Mobile providers.
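
A pre-import check for the file format described above, as an added example that is not part of this guide or of FortiNAC: it lints a .csv against the rules in the field table (MAC and IP format, the listed enumerations, the "xxx Days" form, sibling lists, the user.delHosts dependency on user.expireDate) and flags a user.pw column, because the file then holds passwords in clear text. The names validate, sibling_set and SAMPLE, the sample rows, and the upper-casing of MAC addresses for comparison are assumptions.

```python
import csv, io, ipaddress, re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
ENUMS = {  # values listed in the field table; blank cells are skipped
    "authType": {"Local", "RADIUS", "LDAP"},
    "host.hasAgent": {"true", "false"},
    "user.delHosts": {"Yes", "No"},
    "host.devType": set((
        "Alarm System;Android;Apple iOS;Camera;Card Reader;Cash Register;Dialup Server;"
        "Environmental Control;Gaming Device;Generic Monitoring System;Health Care Device;"
        "Hub;IP Phone;Linux;macOS;Mobile Device;Network;PBX;Pingable;Printer;Registered Host;"
        "Server;StealthWatch;Top Layer IPS;Unix;UPS;Vending Machine;Windows;"
        "Wireless Access Point;VPN;IPS / IDS").split(";")),
}
# Constructed sample: the two adapters disagree on siblings; file line 3 has three bad values.
SAMPLE = """adap.mac,adap.ip,host.host,host.devType,host.inact,siblings
00:15:70:CA:7D:01,192.168.5.10,Jones1,Windows,1825 Days,00:15:70:CA:7D:01;00:15:70:CA:7D:00
00:15:70:CA:7D:00,192.168.5.300,Jones1,Laptop,1825Days,00:15:70:CA:7D:00
"""

def sibling_set(value):  # upper-cased to compare (assumption: MAC case is ignored)
    return {m.strip().upper() for m in value.split(";") if m.strip()}

def validate(text):  # returns sorted (file line, message) findings
    reader = csv.DictReader(io.StringIO(text))
    header, out, hosts = reader.fieldnames or [], [], {}
    if "user.delHosts" in header and "user.expireDate" not in header:
        out.append((1, "user.delHosts is not imported without user.expireDate"))
    if "user.pw" in header:
        out.append((1, "user.pw present: file holds clear-text passwords"))
    for rec in reader:
        n = reader.line_num
        r = {k: (v or "").strip() for k, v in rec.items() if k}
        mac = r.get("adap.mac", "")
        host_row = any(v for k, v in r.items() if k.startswith(("adap.", "host.", "siblings")))
        if host_row and not MAC_RE.match(mac):
            out.append((n, f"adap.mac missing or malformed: {mac!r}"))
        elif host_row:
            hosts[mac.upper()] = (n, sibling_set(r.get("siblings", "")))
        if any(v for k, v in r.items() if k.startswith("user.")) and not r.get("user.uid"):
            out.append((n, "user fields present but user.uid is empty"))
        if r.get("adap.ip"):
            try:
                ipaddress.ip_address(r["adap.ip"])
            except ValueError:
                out.append((n, f"adap.ip is not a valid address: {r['adap.ip']!r}"))
        if r.get("host.inact") and not re.fullmatch(r"\d+ Days", r["host.inact"]):
            out.append((n, "host.inact must look like '1825 Days'"))
        for field, allowed in ENUMS.items():
            if r.get(field) and r[field] not in allowed:
                out.append((n, f"{field} has unlisted value {r[field]!r}"))
    for mac, (n, sibs) in hosts.items():  # every adapter needs its own row, same list
        if sibs and mac not in sibs:
            out.append((n, "siblings does not include this adapter's own MAC"))
        for other in sorted(sibs - {mac}):
            if other not in hosts:
                out.append((n, f"sibling {other} has no record of its own"))
            elif hosts[other][1] != sibs:
                out.append((n, f"sibling list differs from record for {other}"))
    return sorted(out)

if __name__ == "__main__":
    print(*validate(SAMPLE), sep="\n")
```

Because an import updates any existing record with the same MAC address, running a check like this before the import keeps malformed rows from overwriting good data.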
