Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Profiles for device managers

In FortiNAC, you can create an administrator and give that user an administrator profile that contains permissions for the device profiler feature set. These privileges are designed to restrict this user to certain parts of the program.

For device profiler, the administrator profile, referred to as a Device manager in documentation, requires permission for Profiled Devices. This allows the user to manage new devices and categorize them.

Additional permissions can be given to Device Managers based on the parameters of their responsibilities. Create one or more administrator profiles for these types of users. See Administrator profiles.

Device profiler

This procedure describes how to create an administrator profile for an administrator with permissions for device profiler. This user can access the Profiled Devices tab and use that window to register, delete, enable or disable hosts and enter notes about a host. The Profiled Devices window displays devices that are treated as hosts and are also displayed in the Host View.

You can have an administrator profile that allows an administrator to perform additional tasks by adding more permission sets. These step-by-step instructions assume that the administrator profile will provide permissions only for device profiler. Details on other settings and permissions sets see Add an administrator profile.

  1. Click Users > Admin Profiles.
  2. Click Add. The Add Admin Profile screen appears with the General tab highlighted.
  3. On the General tab, enter a name for the profile, such as Device Manager.
  4. Under Manage Hosts and Ports, select All.
  5. Leave the defaults for the remaining fields and click on the Permissions tab.
  6. On the Permissions tab note that some permissions are dependent on each other. Refer to the Permissions list for additional information.
  7. The minimum that this Device Manager must have is the Profiled Devices permission set. Select all of the check boxes for this set including the Custom check box.
  8. When you select the Profiled Devices permission set, the Landing Page field defaults to Profiled Devices.
  9. The Profile Devices tab is enabled when Custom is selected for the Profiled Devices permission set. Click on the Profiled Devices tab.
  10. Use the table below to configure the Profile Devices specific fields.
  11. Click OK to save.
Settings

Field

Definition

Register, Delete, and Disable Profiled Devices

If enabled, the user can register, delete and disable devices that have been profiled by device profiler.

Modify Device Rule Confirmation Settings

If enabled, the user can change rule confirmation settings on devices that have been profiled by device profiler. Rule confirmation settings control whether or not device profiler checks a previously profiled device to determine if it still meets the criteria of the rule that categorized the device.

Manage Profiled Devices Using These Rules

  • All Rules: includes current rules and any rules created in the future.
  • Specify Rules: you must choose the rules from the Available Rules field and manually move them to the Specify Rules field.

Available Rules

Shows the existing rules you can select for this profile. Select the rule and click the right arrow to move it to the Selected Rules pane.

Selected Rules

Shows the rules you selected from the Available Rules section. The user can only access the devices associated with the rules in this list.

Add Icon

Create a new Device Profiling Rule. For information on rules, see Adding a rule.

Modify Icon

Modify the selected Device Profiling Rule. For information on rules, see Adding a rule.

Profiles for device managers

In FortiNAC, you can create an administrator and give that user an administrator profile that contains permissions for the device profiler feature set. These privileges are designed to restrict this user to certain parts of the program.

For device profiler, the administrator profile, referred to as a Device manager in documentation, requires permission for Profiled Devices. This allows the user to manage new devices and categorize them.

Additional permissions can be given to Device Managers based on the parameters of their responsibilities. Create one or more administrator profiles for these types of users. See Administrator profiles.

Device profiler

This procedure describes how to create an administrator profile for an administrator with permissions for device profiler. This user can access the Profiled Devices tab and use that window to register, delete, enable or disable hosts and enter notes about a host. The Profiled Devices window displays devices that are treated as hosts and are also displayed in the Host View.

You can have an administrator profile that allows an administrator to perform additional tasks by adding more permission sets. These step-by-step instructions assume that the administrator profile will provide permissions only for device profiler. Details on other settings and permissions sets see Add an administrator profile.

  1. Click Users > Admin Profiles.
  2. Click Add. The Add Admin Profile screen appears with the General tab highlighted.
  3. On the General tab, enter a name for the profile, such as Device Manager.
  4. Under Manage Hosts and Ports, select All.
  5. Leave the defaults for the remaining fields and click on the Permissions tab.
  6. On the Permissions tab note that some permissions are dependent on each other. Refer to the Permissions list for additional information.
  7. The minimum that this Device Manager must have is the Profiled Devices permission set. Select all of the check boxes for this set including the Custom check box.
  8. When you select the Profiled Devices permission set, the Landing Page field defaults to Profiled Devices.
  9. The Profile Devices tab is enabled when Custom is selected for the Profiled Devices permission set. Click on the Profiled Devices tab.
  10. Use the table below to configure the Profile Devices specific fields.
  11. Click OK to save.
Settings

Field

Definition

Register, Delete, and Disable Profiled Devices

If enabled, the user can register, delete and disable devices that have been profiled by device profiler.

Modify Device Rule Confirmation Settings

If enabled, the user can change rule confirmation settings on devices that have been profiled by device profiler. Rule confirmation settings control whether or not device profiler checks a previously profiled device to determine if it still meets the criteria of the rule that categorized the device.

Manage Profiled Devices Using These Rules

  • All Rules: includes current rules and any rules created in the future.
  • Specify Rules: you must choose the rules from the Available Rules field and manually move them to the Specify Rules field.

Available Rules

Shows the existing rules you can select for this profile. Select the rule and click the right arrow to move it to the Selected Rules pane.

Selected Rules

Shows the rules you selected from the Available Rules section. The user can only access the devices associated with the rules in this list.

Add Icon

Create a new Device Profiling Rule. For information on rules, see Adding a rule.

Modify Icon

Modify the selected Device Profiling Rule. For information on rules, see Adding a rule.