Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Managing rules

Device profiling rules displays the default set of rules provided. Use this window to modify the default rules or to create your own set of rules. Default rules vary depending on the version of the software and the firmware installed. Upgrading to a newer version of the software does not add or modify default rules.

Disabled rules are ignored when processing rogues. Device Profiling rules are disabled by default and are set not to register devices. When you are ready to begin profiling, enable the rule or rules you wish to use.

Enabling certain rules could result in all unregistered PCs on your network being displayed in the Profiled Devices window. Review each rule carefully before enabling it.

The Catch All rule is always at the end of the list and its rank cannot be changed. As new rules are added they are inserted into the list immediately above the Catch All rule. This guarantees that all rogues profiled by device profiler are associated with a rule and can be managed by an administrator with the appropriate administrator profile, a Device manager. Device managers cannot manage devices that are not associated with a rule. This rule has no identification methods and no device type.

Device profiling rules created on the FortiNAC will be ranked above global device profiling rules created on the NCM. The rank of a local Device Profiling Rule can be adjusted above or below another local Device Profiling Rule, but cannot be ranked below a global Device Profiling Rule. The rank for a global Device Profiling Rule cannot be modified from the FortiNAC.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Table configuration

Rank Buttons

Moves the selected rule up or down in the list. Devices are compared to rules in order by rank.

Set Rank Button

Allows you to type a different rank number for a rule and immediately move the rule to that position. In an environment with a large number of rules this process is faster than using the up and down Rank buttons.

Rank can only be set on local policies, rank changes for global policies must be done at the NCM.

Enable Buttons

Enables or disables the selected rule. If a rule is disabled it is not used when processing a rogue host.

Table columns

Rogue Evaluation Queue Size

Indicates the number of Rogues waiting to be processed by the device profiling rules. The queue is filled by Rogues as they connect to the network. If you select Run, any rogues that were not previously categorized are added to the queue immediately. This number moves up and down as the system processes rogues.

Enabled

A green check mark indicates that the rule is enabled. A red circle indicates that the rule is disabled.

Rank

Rule's rank in the list of rules. Rank controls the order in which devices are compared to rules.

Name

User defined name for the rule.

Type

Device type that is assigned when the rule is a match for a rogue host.

Registration

Indicates whether devices matching this rule are registered automatically or manually.

Methods

The method or methods used to identify a device. Methods include: IP Range, DHCP fingerprinting, Location, TCP, NMAP, Passive Fingerprinting, vendor OUI and UDP.

Register As Device

When a device is registered it can be placed in the Host View, the Topology, or both. This column indicates where the device is placed when it is registered. If the column is blank, then the registration option has not been set for this rule.

Notify

A green check mark indicates that Notify is enabled. When a new device is detected and it matches this rule, an email is sent to all Device managers that have this rule associated with their administrator profile.

A red circle indicates that the Notify option is disabled.

Role

Role assigned to devices matching this rule.

Access
Availability

Times that devices matching this rule are permitted to access the network. Devices matching this rule are marked "At Risk" for the Guest No Access admin scan during the times they are not permitted to access the network.

Add To Group

Devices matching this rule are added to the group displayed. Add to Group is only available for devices that are added to the Host View.

Container

Devices matching this rule are added to the Container displayed. Devices can only be placed in a Container if they are being added to the Topology.

Confirm Rule On Connect

If enabled, device profiler confirms that previously profiled devices associated with this rule still match this rule the next time they connect to the network. A green check mark indicates that the option is enabled. A red circle indicates that the option is disabled.

Confirm Rule
Interval

If enabled, device profiler confirms at set intervals that previously profiled devices associated with this rule still match this rule.

Confirmation
Failure Action

If enabled, device profiler disables previously profiled devices that no longer match their associated rule.

Last Modified By

User name of the last user to modify the rule.

Last Modified Date

Date and time of the last modification to this rule.

Right click options

Copy

Copy the selected Rule to create a new record.

Delete

Deletes the selected Rule(s). Removes the association between that rule and the devices it matched. Devices associated with deleted rules will no longer display on the Profiled Devices window.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Modify

Opens the Modify Device Profiling Rule window for the selected rule.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Run Button

Used to re-run the device profiler process when rules have been modified or added. Devices that have already been categorized are not affected. Only rogues that remain in the Host View are processed. If rules are set to notify Device managers via e-mail when rogues connect, processing existing rogues triggers those e-mails again.

Rogues that are no longer connected are ignored.

Managing rules

Device profiling rules displays the default set of rules provided. Use this window to modify the default rules or to create your own set of rules. Default rules vary depending on the version of the software and the firmware installed. Upgrading to a newer version of the software does not add or modify default rules.

Disabled rules are ignored when processing rogues. Device Profiling rules are disabled by default and are set not to register devices. When you are ready to begin profiling, enable the rule or rules you wish to use.

Enabling certain rules could result in all unregistered PCs on your network being displayed in the Profiled Devices window. Review each rule carefully before enabling it.

The Catch All rule is always at the end of the list and its rank cannot be changed. As new rules are added they are inserted into the list immediately above the Catch All rule. This guarantees that all rogues profiled by device profiler are associated with a rule and can be managed by an administrator with the appropriate administrator profile, a Device manager. Device managers cannot manage devices that are not associated with a rule. This rule has no identification methods and no device type.

Device profiling rules created on the FortiNAC will be ranked above global device profiling rules created on the NCM. The rank of a local Device Profiling Rule can be adjusted above or below another local Device Profiling Rule, but cannot be ranked below a global Device Profiling Rule. The rank for a global Device Profiling Rule cannot be modified from the FortiNAC.

Settings

An empty field in a column indicates that the option has not been set.

Field

Definition

Table configuration

Rank Buttons

Moves the selected rule up or down in the list. Devices are compared to rules in order by rank.

Set Rank Button

Allows you to type a different rank number for a rule and immediately move the rule to that position. In an environment with a large number of rules this process is faster than using the up and down Rank buttons.

Rank can only be set on local policies, rank changes for global policies must be done at the NCM.

Enable Buttons

Enables or disables the selected rule. If a rule is disabled it is not used when processing a rogue host.

Table columns

Rogue Evaluation Queue Size

Indicates the number of Rogues waiting to be processed by the device profiling rules. The queue is filled by Rogues as they connect to the network. If you select Run, any rogues that were not previously categorized are added to the queue immediately. This number moves up and down as the system processes rogues.

Enabled

A green check mark indicates that the rule is enabled. A red circle indicates that the rule is disabled.

Rank

Rule's rank in the list of rules. Rank controls the order in which devices are compared to rules.

Name

User defined name for the rule.

Type

Device type that is assigned when the rule is a match for a rogue host.

Registration

Indicates whether devices matching this rule are registered automatically or manually.

Methods

The method or methods used to identify a device. Methods include: IP Range, DHCP fingerprinting, Location, TCP, NMAP, Passive Fingerprinting, vendor OUI and UDP.

Register As Device

When a device is registered it can be placed in the Host View, the Topology, or both. This column indicates where the device is placed when it is registered. If the column is blank, then the registration option has not been set for this rule.

Notify

A green check mark indicates that Notify is enabled. When a new device is detected and it matches this rule, an email is sent to all Device managers that have this rule associated with their administrator profile.

A red circle indicates that the Notify option is disabled.

Role

Role assigned to devices matching this rule.

Access
Availability

Times that devices matching this rule are permitted to access the network. Devices matching this rule are marked "At Risk" for the Guest No Access admin scan during the times they are not permitted to access the network.

Add To Group

Devices matching this rule are added to the group displayed. Add to Group is only available for devices that are added to the Host View.

Container

Devices matching this rule are added to the Container displayed. Devices can only be placed in a Container if they are being added to the Topology.

Confirm Rule On Connect

If enabled, device profiler confirms that previously profiled devices associated with this rule still match this rule the next time they connect to the network. A green check mark indicates that the option is enabled. A red circle indicates that the option is disabled.

Confirm Rule
Interval

If enabled, device profiler confirms at set intervals that previously profiled devices associated with this rule still match this rule.

Confirmation
Failure Action

If enabled, device profiler disables previously profiled devices that no longer match their associated rule.

Last Modified By

User name of the last user to modify the rule.

Last Modified Date

Date and time of the last modification to this rule.

Right click options

Copy

Copy the selected Rule to create a new record.

Delete

Deletes the selected Rule(s). Removes the association between that rule and the devices it matched. Devices associated with deleted rules will no longer display on the Profiled Devices window.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Modify

Opens the Modify Device Profiling Rule window for the selected rule.

Buttons

Export

Exports the data displayed to a file in the default downloads location. File types include CSV, Excel, PDF, or RTF. See Export data.

Run Button

Used to re-run the device profiler process when rules have been modified or added. Devices that have already been categorized are not affected. Only rogues that remain in the Host View are processed. If rules are set to notify Device managers via e-mail when rogues connect, processing existing rogues triggers those e-mails again.

Rogues that are no longer connected are ignored.