Fortinet Document Library

Version:

Version:


Table of Contents

Administration Guide

Download PDF
Copy Link

Pingable device properties

The Properties view for Pingable Devices, such as IPS/IDS system, has Element and Details tabs. Maintain device information and change settings on these tabs.

  1. Click Network Devices > Topology.
  2. Expand the container where the device is located.
  3. Click on the device and properties are displayed in the right pane.
Element tab settings

Field

Definition

Container

Container in the Topology where this device is stored.

Name

Name of the device

IP address

IP address of the device

Physical Address

The MAC address of the device.

Appears in the view only when the device is a pingable.

Device Type

Select the device type from the drop-down list.

Incoming Events

  • Not Applicable
  • Syslog
  • Security Events
    Available when ATR is configured.

When Syslog is selected, available syslog files appear that can be used by FortiNAC to parse information received from the external devices and generate an event. See Syslog management.

When Security Events is selected, available security event parsers appear that can be used by FortiNAC to parse information received from the external devices and generate a security event. See Security event parsers.

SSO Agent

  • Not Applicable
  • Custom Script
  • Palo Alto
  • RADIUS
  • iboss

Custom Script

Displayed when Custom Script is selected in the SSO Agent field. Allows you to write and select a script that will integrate with a SSO Agent that is not currently supported.

Apply to Group

Select this check box to apply the Custom Script SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

RADIUS Accounting Port

Displayed when RADIUS is selected in the SSO Agent field. Port on the Fortinet Single Sign-On User Agent configured to receive RADIUS Accounting messages from external devices. This port must match the port configured in Fortinet.

RADIUS Secret

Displayed when RADIUS is selected in the SSO Agent field. Must match the RADIUS secret configured for FortiNAC in Fortinet.

Apply to Group

Select this check box to apply the RADIUS SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

XML API Port

Displayed when Palo Alto User Agent is selected in the SSO Agent field. Port on the Palo Alto User Agent configured to receive messages from external devices. This port must match the XML API port configured on the Palo Alto User Agent.

See Add or modify the Palo Alto User-ID agent as a pingable.

Domain Name

Displayed when Palo Alto User Agent is selected in the SSO Agent field. FQDN for your network users' domain. This is sent with the logged in user ID to Palo Alto.

Use Integrated Agent

When selected, FortiNAC will integrate with the firewall directly.

API Key

Displayed when the Use Integrated Agent check box is selected. Enter the API Key value. The key can be retrieved manually or by selecting Retrieve.

Apply to Group

Select this check box to apply the Palo Alto SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

iboss Port

Displayed when iboss is selected in the SSO Agent field. The IBOSS port is the IBOSS HTTP port that is used to talk to the IBOSS SSO agent. The IBOSS port is defined in the IBOSS SSO GUI.

iboss Key

Displayed when iboss is selected in the SSO Agent field. The IBOSS key is a security key used to talk to the IBOSS SSO agent.The IBOSS key is defined in the IBOSS SSO GUI.

iboss Domain

Displayed when iboss is selected in the SSO Agent field. The iboss Domain is a required field that allows the user to enter their Active Directory Domain Name.

Apply to Group

Select this check box to apply the iboss SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

Role

The Role for this device. Available roles appear in the drop-down list.

Description

Description of the device entered by the Administrator.

Note

User specified notes about the device.

Contact Status Polling

Enable or disable contact status polling for the selected device.

Poll Interval

Determines how often the device should be polled for communication status. Time is stored in minutes.

Poll Now

Polls the device immediately for contact status.

Last Successful Poll

Date and time that the device was last polled successfully.

Last Attempted Poll

Date and time that the device was last polled.

Details tab settings

Field

Definition

Host Name

Name of the device.

Department

Name of the department.

Owner

Name of the owner of the device.

Administrative Contact

Administrative contact person for the device.

Geographical Location

Geographical location of the device (for example, Res Hall A, Equipment Closet 1st Floor, Rack 2, Unit 3).

Business Purpose

Business purpose of the device.

BOOTP Address

IP address for the BOOTP Protocol.

Print Queue

Name of the print queue for the device.

Pingable device properties

The Properties view for Pingable Devices, such as IPS/IDS system, has Element and Details tabs. Maintain device information and change settings on these tabs.

  1. Click Network Devices > Topology.
  2. Expand the container where the device is located.
  3. Click on the device and properties are displayed in the right pane.
Element tab settings

Field

Definition

Container

Container in the Topology where this device is stored.

Name

Name of the device

IP address

IP address of the device

Physical Address

The MAC address of the device.

Appears in the view only when the device is a pingable.

Device Type

Select the device type from the drop-down list.

Incoming Events

  • Not Applicable
  • Syslog
  • Security Events
    Available when ATR is configured.

When Syslog is selected, available syslog files appear that can be used by FortiNAC to parse information received from the external devices and generate an event. See Syslog management.

When Security Events is selected, available security event parsers appear that can be used by FortiNAC to parse information received from the external devices and generate a security event. See Security event parsers.

SSO Agent

  • Not Applicable
  • Custom Script
  • Palo Alto
  • RADIUS
  • iboss

Custom Script

Displayed when Custom Script is selected in the SSO Agent field. Allows you to write and select a script that will integrate with a SSO Agent that is not currently supported.

Apply to Group

Select this check box to apply the Custom Script SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

RADIUS Accounting Port

Displayed when RADIUS is selected in the SSO Agent field. Port on the Fortinet Single Sign-On User Agent configured to receive RADIUS Accounting messages from external devices. This port must match the port configured in Fortinet.

RADIUS Secret

Displayed when RADIUS is selected in the SSO Agent field. Must match the RADIUS secret configured for FortiNAC in Fortinet.

Apply to Group

Select this check box to apply the RADIUS SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

XML API Port

Displayed when Palo Alto User Agent is selected in the SSO Agent field. Port on the Palo Alto User Agent configured to receive messages from external devices. This port must match the XML API port configured on the Palo Alto User Agent.

See Add or modify the Palo Alto User-ID agent as a pingable.

Domain Name

Displayed when Palo Alto User Agent is selected in the SSO Agent field. FQDN for your network users' domain. This is sent with the logged in user ID to Palo Alto.

Use Integrated Agent

When selected, FortiNAC will integrate with the firewall directly.

API Key

Displayed when the Use Integrated Agent check box is selected. Enter the API Key value. The key can be retrieved manually or by selecting Retrieve.

Apply to Group

Select this check box to apply the Palo Alto SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

iboss Port

Displayed when iboss is selected in the SSO Agent field. The IBOSS port is the IBOSS HTTP port that is used to talk to the IBOSS SSO agent. The IBOSS port is defined in the IBOSS SSO GUI.

iboss Key

Displayed when iboss is selected in the SSO Agent field. The IBOSS key is a security key used to talk to the IBOSS SSO agent.The IBOSS key is defined in the IBOSS SSO GUI.

iboss Domain

Displayed when iboss is selected in the SSO Agent field. The iboss Domain is a required field that allows the user to enter their Active Directory Domain Name.

Apply to Group

Select this check box to apply the iboss SSO options only to the selected Host group in the drop-down list. If you do not select the check box, the SSO options are applied to all Host groups.

Role

The Role for this device. Available roles appear in the drop-down list.

Description

Description of the device entered by the Administrator.

Note

User specified notes about the device.

Contact Status Polling

Enable or disable contact status polling for the selected device.

Poll Interval

Determines how often the device should be polled for communication status. Time is stored in minutes.

Poll Now

Polls the device immediately for contact status.

Last Successful Poll

Date and time that the device was last polled successfully.

Last Attempted Poll

Date and time that the device was last polled.

Details tab settings

Field

Definition

Host Name

Name of the device.

Department

Name of the department.

Owner

Name of the owner of the device.

Administrative Contact

Administrative contact person for the device.

Geographical Location

Geographical location of the device (for example, Res Hall A, Equipment Closet 1st Floor, Rack 2, Unit 3).

Business Purpose

Business purpose of the device.

BOOTP Address

IP address for the BOOTP Protocol.

Print Queue

Name of the print queue for the device.