Fortinet white logo
Fortinet white logo

Administration Guide

Locate

Locate

Click Bookmarks > Locate on the dashboard to locate devices, users or hosts. Enter information in any or all of the fields.

Locate devices or hosts

  1. Select Bookmarks > Locate.
  2. Select a search type.

    Search Type

    Description

    All

    This option searches for both devices and hosts.

    Devices

    Use this option to locate network devices.

    Hosts/Users

    Use this option to locate hosts or users.

  3. Enter the search criteria. To reduce the potential for a significant number of records being returned in the search results, you must enter a value into one of the search fields.

    If the search type is set to All and you enter data in the Name field, FortiNAC searches for user sast names and network device names.

  4. Click Search.

Locate hosts and users

This window can be used to search your database for hosts and users of many types. Guests, contractors and conference attendees are also considered users and can be located using this window or through the Guest/Contractor Accounts window. See Guest/contractor accounts.

You cannot locate guest or contractor accounts until the account is automatically created on the specified date. For example, a contractor account scheduled for March 1 cannot be located until that date.

Use the Locate window to:

  • Check that a record for a host exists.
  • See where the host is on the network.
  • Check the connect status and access of the host.
  • Search for a registered host by MAC address to see where it is on the system.
  • Use wild cards to search for hosts or users. See Wild cards for additional information.

Locate hosts

  1. Select Bookmarks > Locate.
  2. Select Hosts/Users from the Search Type drop-down list.
  3. Enter the Search criteria.
  4. Click Search.
Fields

Field

Description

Registered hosts/devices

Last Name

Last name of a user associated with the registered host or the vendor name of a rogue host.

IP address

IP address of the host.

Additional adapter info

MAC Type

MAC Type for the host. The available options are: Invalid, Valid or Both.

Connect State

Connect State of the adapter. Options include: Both, Off line or On line.

Access

Access state of the adapter. Options include, Enabled, Disabled or Both.

Physical Address

MAC address of the adapter on the host.

Media Type

Searches the Media Type field in the Adapter Properties. Typically this would be either wired or wireless.

Access Value

Name or number of the network access identifier given to this adapter based on the state of the host and the device to which the adapter is connected, such as VLAN ID, VLAN Name or Aruba Role.

Additional host info

Host Name

Name of the host.

Agent Version

Version number of the Persistent Agent, Mobile Agent, or Dissolvable Agent on the host.

Operating System

Operating system on the host.

Hardware

Hardware type of the host.

Host Type

Narrow the search by a specific type of host: All, IP Phone, Registered or Rogue.

Authenticated State

Include hosts on which a user has Authenticated, Not-authenticated or Both.

Security State

Include hosts that are Safe, At Risk, Pending At Risk or All.

Search results for Safe hosts include Pending At Risk hosts. Pending At Risk is a sub-set of Safe hosts.

Persistent Agent

The Persistent Agent usage of the host. Options include:

  • No Agent: Hosts with no agent.
  • Agent: Hosts using the Persistent Agent.
  • Both: Includes both hosts that have the Persistent Agent or no Agent.

Connect State

The connect state of the adapter. Options include both, offline, or online.

Access

The access state of the host. Options include enabled, disabled, or both.

Host Role

Name of the Role assigned to the host. Roles are used to group hosts and are used as filters in user/host profiles.

Security & Access Value

Directory attribute used as a filter when determining which policies apply to hosts. Data contained in this field is copied from the user's account in the directory to the Security and Access value field on the User, Host and Adapter Properties. It can also be entered manually.

Additional user info

First Name

First name of the user associated with the host.

User ID

Unique alphanumeric ID. Typically comes from the directory but if you are not using a directory, this field can be created manually.

Title

User's title, this could be a form of address or their title within the organization.

Admin Profile

Searches both administrators and network users. Options include: Any or a list of your administrator profiles. To search network users and guests or contractors, select Any.

Sponsor

If the administrator performing the search has sponsor privileges, his User Name may be filled in this field. Depending on permissions, a sponsor's search may be limited to the hosts he created and then registered.

Sponsors with the ability to view all accounts can use this field to find hosts created and then registered by a specific sponsor by entering that sponsor's user name in this field.

User Role

Name of the Role assigned to the user. Roles are used to group users and as filters in user/host profiles.

Access

The Access state of the user. Options include, Enabled, Disabled or Both.

Security & Access Value

Directory attribute used as a filter in user/host profiles when determining which Policies apply to hosts. Data contained in this field is copied from the user's account in the directory to the Security and Access value field on the User, Host and Adapter Properties. It can also be entered manually.

Search results

Search results displays the host and user information and provides access to other host-specific information such as Adapter Properties, Host Properties, group membership, port properties, and Device Properties. Administrators can delete hosts, adapters and users from this view.

Column

Description

Server

Server managing the host.

Name

Last name of the user (from the user record), hostname or vendor name. This column could contain any combination of this data.

ID

ID of the host or user.

IP address

IP address of the host.

Physical Address

MAC address of the host.

Location

Device the host is connected to, such as a switch or a router.

Views

Icons that provide access to other related information. Click an icon to go to that view from the results window. Options include: Adapter Properties, Host Properties, group membership, Ports Properties and Device Properties.

Remove Buttons

Click the one or more check boxes in the left column to select items for deletion. Selected are removed items from the server where they were being managed. Only administrators can delete.

Remove options are as follows:

  • Remove Host And Adapters: Deletes the selected host and all corresponding adapters. If a host has a wired and a wireless adapter, both are removed from the database.
  • Remove Adapter: Deletes only the selected adapter but leaves the host record, other adapter records and the user record in the database.
  • Remove Host Adapters And User: Deletes everything associated with the selected host from the database.
  • Remove User: Deletes the user associated with the selected host from the database.

Edit hosts

After searching for hosts using the Locate view, you are presented with a list of results. From within that list you can delete hosts, users and adapters, edit group membership and view adapter properties.

Delete hosts

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate view.
  3. In the search results, select the check box next to the record(s) to be deleted.
  4. Click Remove at the bottom of the window.

View or modify group membership

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate view.
  3. Go to the Views column in the search results and click the Group Membership icon.
  4. The groups that contain this host or user are displayed.
  5. Add or remove groups as needed and click Apply to save changes.

If an item is placed in a subgroup, it can only be removed when viewing the membership of that subgroup. It cannot be removed from the parent group containing the subgroup.

For example, the L2 network devices group contains the Wired Devices and Wireless Devices subgroups. The Wired Devices subgroup contains four 3COM switches. The Wireless Devices subgroup contains two Cisco switches.The L2 network devices group membership list shows all six switches, but to remove one of the 3COM switches you must go to the Wired Devices membership list.

View properties

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate view.
  3. Go to the Views column in the search results and click the Properties icon.
  4. The properties for the selected adapter, host or user are displayed.

Locate devices

  1. Select Bookmarks > Locate.
  2. Select Devices from the Search Type drop-down list.
  3. Enter the Search criteria.
  4. Click Search.
Fields

Field

Definition

Name

Name of the device.

IP address

IP address of the device.

Status

The status of the device:

Any: Show device regardless of current status.

Management Lost: System is still in contact with the server, but the server is not managing anything.

Lost: Cannot ping a known device.

Unknown: Very brief status that only occurs while pinging a new device. Once the device responds to the ping the status changes.

Established: Device can be pinged and is in contact.

Protocol

Protocol used to communicate with the device. Options include: Pingable, SNMP or Both.

Physical Address

Physical address of the device.

If you enter a value for this option in the All or Device search, all of the device ports with a matching MAC address are shown in the results. If you do not enter a MAC address, only the device model is shown in the results.

Results

Field

Definition

Server

Name of the FortiNAC Control Server where the device is located.

Name

Name of the device.

IP address

IP address of the device.

Physical Address

MAC address of the device.

Type

Device type (vendor name/model).

Status

Contact status of the device.

Views

Icons that provide access to device specific views. Click an icon to go to that view from the results window. Options include: Device Properties, device group membership and Ports and Hosts.

Edit devices

After searching for devices using the Locate View, you are presented with a list of results. From within that list you can edit device group membership, view device properties and view the port and hosts associated with the selected device.

View/modify device group membership

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate Devices view.
  3. Go to the Views column in the search results and click the Group Membership icon.
  4. The group properties for the selected device are displayed.
  5. Add or remove groups as needed and click Apply to save changes.

If an item is placed in a subgroup, it can only be removed when viewing the membership of that subgroup. It cannot be removed from the parent group containing the subgroup.

For example, the L2 network devices group contains the Wired Devices and Wireless Devices subgroups. The Wired Devices subgroup contains four 3COM switches. The Wireless Devices subgroup contains two Cisco switches. The L2 network devices group membership list shows all six switches, but to remove one of the 3COM switches you must go to the Wired Devices membership list.

View device properties

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate Devices view.
  3. Go to the Views column in the search results and click the Device Properties icon.
  4. The properties for the selected device are displayed.

View device ports and hosts

The Device Ports and Hosts results contain VLAN (Current and Default) and Host (Name and IP) information for each port on the device.

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate Devices view.
  3. Go to the Views column in the search results and click the Ports and Hosts icon.
  4. The ports and hosts for the selected device are displayed.

View SSIDs

All SSIDs on the device are listed with the current and default VLAN setting. If a host is connected on a port, the adapter MAC address and IP information are also displayed.

Locate

Locate

Click Bookmarks > Locate on the dashboard to locate devices, users or hosts. Enter information in any or all of the fields.

Locate devices or hosts

  1. Select Bookmarks > Locate.
  2. Select a search type.

    Search Type

    Description

    All

    This option searches for both devices and hosts.

    Devices

    Use this option to locate network devices.

    Hosts/Users

    Use this option to locate hosts or users.

  3. Enter the search criteria. To reduce the potential for a significant number of records being returned in the search results, you must enter a value into one of the search fields.

    If the search type is set to All and you enter data in the Name field, FortiNAC searches for user sast names and network device names.

  4. Click Search.

Locate hosts and users

This window can be used to search your database for hosts and users of many types. Guests, contractors and conference attendees are also considered users and can be located using this window or through the Guest/Contractor Accounts window. See Guest/contractor accounts.

You cannot locate guest or contractor accounts until the account is automatically created on the specified date. For example, a contractor account scheduled for March 1 cannot be located until that date.

Use the Locate window to:

  • Check that a record for a host exists.
  • See where the host is on the network.
  • Check the connect status and access of the host.
  • Search for a registered host by MAC address to see where it is on the system.
  • Use wild cards to search for hosts or users. See Wild cards for additional information.

Locate hosts

  1. Select Bookmarks > Locate.
  2. Select Hosts/Users from the Search Type drop-down list.
  3. Enter the Search criteria.
  4. Click Search.
Fields

Field

Description

Registered hosts/devices

Last Name

Last name of a user associated with the registered host or the vendor name of a rogue host.

IP address

IP address of the host.

Additional adapter info

MAC Type

MAC Type for the host. The available options are: Invalid, Valid or Both.

Connect State

Connect State of the adapter. Options include: Both, Off line or On line.

Access

Access state of the adapter. Options include, Enabled, Disabled or Both.

Physical Address

MAC address of the adapter on the host.

Media Type

Searches the Media Type field in the Adapter Properties. Typically this would be either wired or wireless.

Access Value

Name or number of the network access identifier given to this adapter based on the state of the host and the device to which the adapter is connected, such as VLAN ID, VLAN Name or Aruba Role.

Additional host info

Host Name

Name of the host.

Agent Version

Version number of the Persistent Agent, Mobile Agent, or Dissolvable Agent on the host.

Operating System

Operating system on the host.

Hardware

Hardware type of the host.

Host Type

Narrow the search by a specific type of host: All, IP Phone, Registered or Rogue.

Authenticated State

Include hosts on which a user has Authenticated, Not-authenticated or Both.

Security State

Include hosts that are Safe, At Risk, Pending At Risk or All.

Search results for Safe hosts include Pending At Risk hosts. Pending At Risk is a sub-set of Safe hosts.

Persistent Agent

The Persistent Agent usage of the host. Options include:

  • No Agent: Hosts with no agent.
  • Agent: Hosts using the Persistent Agent.
  • Both: Includes both hosts that have the Persistent Agent or no Agent.

Connect State

The connect state of the adapter. Options include both, offline, or online.

Access

The access state of the host. Options include enabled, disabled, or both.

Host Role

Name of the Role assigned to the host. Roles are used to group hosts and are used as filters in user/host profiles.

Security & Access Value

Directory attribute used as a filter when determining which policies apply to hosts. Data contained in this field is copied from the user's account in the directory to the Security and Access value field on the User, Host and Adapter Properties. It can also be entered manually.

Additional user info

First Name

First name of the user associated with the host.

User ID

Unique alphanumeric ID. Typically comes from the directory but if you are not using a directory, this field can be created manually.

Title

User's title, this could be a form of address or their title within the organization.

Admin Profile

Searches both administrators and network users. Options include: Any or a list of your administrator profiles. To search network users and guests or contractors, select Any.

Sponsor

If the administrator performing the search has sponsor privileges, his User Name may be filled in this field. Depending on permissions, a sponsor's search may be limited to the hosts he created and then registered.

Sponsors with the ability to view all accounts can use this field to find hosts created and then registered by a specific sponsor by entering that sponsor's user name in this field.

User Role

Name of the Role assigned to the user. Roles are used to group users and as filters in user/host profiles.

Access

The Access state of the user. Options include, Enabled, Disabled or Both.

Security & Access Value

Directory attribute used as a filter in user/host profiles when determining which Policies apply to hosts. Data contained in this field is copied from the user's account in the directory to the Security and Access value field on the User, Host and Adapter Properties. It can also be entered manually.

Search results

Search results displays the host and user information and provides access to other host-specific information such as Adapter Properties, Host Properties, group membership, port properties, and Device Properties. Administrators can delete hosts, adapters and users from this view.

Column

Description

Server

Server managing the host.

Name

Last name of the user (from the user record), hostname or vendor name. This column could contain any combination of this data.

ID

ID of the host or user.

IP address

IP address of the host.

Physical Address

MAC address of the host.

Location

Device the host is connected to, such as a switch or a router.

Views

Icons that provide access to other related information. Click an icon to go to that view from the results window. Options include: Adapter Properties, Host Properties, group membership, Ports Properties and Device Properties.

Remove Buttons

Click the one or more check boxes in the left column to select items for deletion. Selected are removed items from the server where they were being managed. Only administrators can delete.

Remove options are as follows:

  • Remove Host And Adapters: Deletes the selected host and all corresponding adapters. If a host has a wired and a wireless adapter, both are removed from the database.
  • Remove Adapter: Deletes only the selected adapter but leaves the host record, other adapter records and the user record in the database.
  • Remove Host Adapters And User: Deletes everything associated with the selected host from the database.
  • Remove User: Deletes the user associated with the selected host from the database.

Edit hosts

After searching for hosts using the Locate view, you are presented with a list of results. From within that list you can delete hosts, users and adapters, edit group membership and view adapter properties.

Delete hosts

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate view.
  3. In the search results, select the check box next to the record(s) to be deleted.
  4. Click Remove at the bottom of the window.

View or modify group membership

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate view.
  3. Go to the Views column in the search results and click the Group Membership icon.
  4. The groups that contain this host or user are displayed.
  5. Add or remove groups as needed and click Apply to save changes.

If an item is placed in a subgroup, it can only be removed when viewing the membership of that subgroup. It cannot be removed from the parent group containing the subgroup.

For example, the L2 network devices group contains the Wired Devices and Wireless Devices subgroups. The Wired Devices subgroup contains four 3COM switches. The Wireless Devices subgroup contains two Cisco switches.The L2 network devices group membership list shows all six switches, but to remove one of the 3COM switches you must go to the Wired Devices membership list.

View properties

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate view.
  3. Go to the Views column in the search results and click the Properties icon.
  4. The properties for the selected adapter, host or user are displayed.

Locate devices

  1. Select Bookmarks > Locate.
  2. Select Devices from the Search Type drop-down list.
  3. Enter the Search criteria.
  4. Click Search.
Fields

Field

Definition

Name

Name of the device.

IP address

IP address of the device.

Status

The status of the device:

Any: Show device regardless of current status.

Management Lost: System is still in contact with the server, but the server is not managing anything.

Lost: Cannot ping a known device.

Unknown: Very brief status that only occurs while pinging a new device. Once the device responds to the ping the status changes.

Established: Device can be pinged and is in contact.

Protocol

Protocol used to communicate with the device. Options include: Pingable, SNMP or Both.

Physical Address

Physical address of the device.

If you enter a value for this option in the All or Device search, all of the device ports with a matching MAC address are shown in the results. If you do not enter a MAC address, only the device model is shown in the results.

Results

Field

Definition

Server

Name of the FortiNAC Control Server where the device is located.

Name

Name of the device.

IP address

IP address of the device.

Physical Address

MAC address of the device.

Type

Device type (vendor name/model).

Status

Contact status of the device.

Views

Icons that provide access to device specific views. Click an icon to go to that view from the results window. Options include: Device Properties, device group membership and Ports and Hosts.

Edit devices

After searching for devices using the Locate View, you are presented with a list of results. From within that list you can edit device group membership, view device properties and view the port and hosts associated with the selected device.

View/modify device group membership

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate Devices view.
  3. Go to the Views column in the search results and click the Group Membership icon.
  4. The group properties for the selected device are displayed.
  5. Add or remove groups as needed and click Apply to save changes.

If an item is placed in a subgroup, it can only be removed when viewing the membership of that subgroup. It cannot be removed from the parent group containing the subgroup.

For example, the L2 network devices group contains the Wired Devices and Wireless Devices subgroups. The Wired Devices subgroup contains four 3COM switches. The Wireless Devices subgroup contains two Cisco switches. The L2 network devices group membership list shows all six switches, but to remove one of the 3COM switches you must go to the Wired Devices membership list.

View device properties

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate Devices view.
  3. Go to the Views column in the search results and click the Device Properties icon.
  4. The properties for the selected device are displayed.

View device ports and hosts

The Device Ports and Hosts results contain VLAN (Current and Default) and Host (Name and IP) information for each port on the device.

  1. Select Bookmarks > Locate.
  2. Enter the search criteria in the Locate Devices view.
  3. Go to the Views column in the search results and click the Ports and Hosts icon.
  4. The ports and hosts for the selected device are displayed.

View SSIDs

All SSIDs on the device are listed with the current and default VLAN setting. If a host is connected on a port, the adapter MAC address and IP information are also displayed.