Fortinet black logo

Administration Guide

Scans

Copy Link
Copy Doc ID dc02a854-ab11-11ea-8b7d-00505692583a:4612
Download PDF

Scans

The Scans view allows you to configure network scans or sets of rules that are used to scan hosts for compliance. Scans are included in endpoint compliance configurations that are paired with user/host profiles, which form endpoint compliance polices. When a host is evaluated and requires an endpoint compliance policy, FortiNAC goes through the list of polices and compares user and host information to the associated user/host profile. When a match is found, the endpoint compliance configuration inside the policy is applied to the host. That configuration contains the scan and agent information used to evaluate the host.

Scans typically consist of lists of permitted operating systems and required antivirus software. In addition, custom scans can be created for more detailed scanning such as, searching the registry for particular entries, searching the hard drive for specific files, or verifying that hotfixes have been installed. Individual scans can be scheduled to run at regular intervals if your organization requires frequent rescans.

The results of a scan are stored on the Host Health tab in the Host Properties view. Refer to Host health and scanning for additional information.

When you scan hosts, the agent first checks to see if a required item is installed and then proceeds to scan for additional details about that item. For example, if the host is required to run Windows 10 and that operating system is not installed, the agent does not check to see if the updates have been installed. Scan results, therefore, are reduced because needless scans are minimized. In the scan results, the host fails only for not having the operating system.

Using the example from the table shown above, the Agent ignores items that are not checked or selected. With this agent, you would achieve the following results.

  • Operating system 1 requires antivirus 3. The agent does not test to see that antivirus 1 and 2 are not installed, therefore, the host cannot pass the scan unless it has operating system 1 with antivirus 3.
  • Operating system 2 requires either antivirus 1 or antivirus 2. The agent does not test for antivirus 1.
  • Operating system 3 requires either antivirus 1, antivirus 2, or antivirus 3.
Settings

Field

Definition

Scan Name

Each scan must have a unique name.

Remediation

Indicates when the host is moved to Remediation. Options include:

On Failure: Host is moved to remediation immediately after failing a scan.

Delayed: Host is moved to remediation after a user specified delay if the reason for the scan failure has not been addressed.

Audit Only: Host is scanned and a failure report is generated, but the host is never moved to remediation.

Scan On Connect

Indicates whether this option is enabled or disabled. Scan On Connect forces a rescan every time the host assigned this scan connects to the network. See Scan on connect.

This option only affects hosts running the Persistent Agent.

Renew IP (Supported by Dissolvable Agent Only)

Indicates whether the Renew IP option is enabled or disabled. When this option is enabled, it causes the Dissolvable Agent to actively release and renew the IP address of the host after it has completed its scan. The Renew IP option is only supported on Windows and macOS.

Scan Failure Link Label

Label displayed on the failure page when a network user's PC has failed a scan. If no label is provided, the scan name is used. The label or scan name is a link that takes the user to a page indicating why the PC has failed the scan.

Agent Order Of
Operations
Remediation = On Failure

This set of options is available only when Remediation is set to On Failure.

Determines the order in which the agent performs its tasks. Choose one of the following:

Scan Before Registering: The host downloads the Agent and is scanned in the registration network before being registered. If the scan fails you must choose one of the following:

  • Do not Register, Remediate: Host remains a Rogue and stays in the registration network until it passes the scan. Note the host will not be marked "at risk." Default setting.
  • Register and mark At Risk: The host is registered immediately after the scan and then moved to Quarantine.
Note

Persistent Agent always registers and marks at risk.

Register, then Scan (if the scan fails, Remediate): The host does not download an agent in the Registration network. Instead, the host is registered and moved to Quarantine to download the Agent and be scanned.

Agent Order Of
Operations

Remediation = Delay or Audit Only

The option below is available only when Remediation is set to Delay or Audit Only.

If scan fails - Register or Remediate: If the host fails a scan, a web page with a Register option and a Remediate option is displayed to the user.

If the user chooses the Remediate option, the host is placed in remediation and the user must correct all issues and rescan.

If the user chooses the Register option, the host is placed in production. The user can correct all of the issues and re-run the Agent.

Patch URL

URL for the web page to be displayed when a host using the Dissolvable Agent fails the scan. This web page allows the user to download the agent and rescan after addressing the issues that caused the failure. Hosts using the Persistent Agent have the agent installed and do not use this page.

Root Detection

Indicates whether this option is enabled or disabled. If enabled, rooted mobile devices are not allowed to register.

Mobile Agent devices determines whether or not the device has been rooted. Rooting is a process allowing users of devices running the Android operating system to attain privileged control (known as "root access") within Android's subsystem.

Last Modified By

User name of the last user to modify the scan.

Last Modified Date

Date and time of the last modification to this scan.

Right click options

Copy

Copy the selected Scan to create a new record.

Delete

Deletes the selected Scan. Scans that are currently in use cannot be deleted.

In Use

Indicates whether or not the selected Scan is currently being used by any other FortiNAC element. See Scans in use.

Modify

Opens the Modify Scan window for the selected Scan.

Schedule

Opens the Schedule Policy view for the selected scan and allows you to add a schedule for host rescans using that Scan. See Schedule a scan.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Custom Scans

Opens the Custom Scan Configuration window which allows you to add, remove or modify custom scans. Custom scan can be added to policies for more detailed host scans. See Custom scans.

Schedule

Opens the Schedule Policy view for the selected scan and allows you to add a schedule for host rescans using that Scan. See Schedule a scan.

Scans

The Scans view allows you to configure network scans or sets of rules that are used to scan hosts for compliance. Scans are included in endpoint compliance configurations that are paired with user/host profiles, which form endpoint compliance polices. When a host is evaluated and requires an endpoint compliance policy, FortiNAC goes through the list of polices and compares user and host information to the associated user/host profile. When a match is found, the endpoint compliance configuration inside the policy is applied to the host. That configuration contains the scan and agent information used to evaluate the host.

Scans typically consist of lists of permitted operating systems and required antivirus software. In addition, custom scans can be created for more detailed scanning such as, searching the registry for particular entries, searching the hard drive for specific files, or verifying that hotfixes have been installed. Individual scans can be scheduled to run at regular intervals if your organization requires frequent rescans.

The results of a scan are stored on the Host Health tab in the Host Properties view. Refer to Host health and scanning for additional information.

When you scan hosts, the agent first checks to see if a required item is installed and then proceeds to scan for additional details about that item. For example, if the host is required to run Windows 10 and that operating system is not installed, the agent does not check to see if the updates have been installed. Scan results, therefore, are reduced because needless scans are minimized. In the scan results, the host fails only for not having the operating system.

Using the example from the table shown above, the Agent ignores items that are not checked or selected. With this agent, you would achieve the following results.

  • Operating system 1 requires antivirus 3. The agent does not test to see that antivirus 1 and 2 are not installed, therefore, the host cannot pass the scan unless it has operating system 1 with antivirus 3.
  • Operating system 2 requires either antivirus 1 or antivirus 2. The agent does not test for antivirus 1.
  • Operating system 3 requires either antivirus 1, antivirus 2, or antivirus 3.
Settings

Field

Definition

Scan Name

Each scan must have a unique name.

Remediation

Indicates when the host is moved to Remediation. Options include:

On Failure: Host is moved to remediation immediately after failing a scan.

Delayed: Host is moved to remediation after a user specified delay if the reason for the scan failure has not been addressed.

Audit Only: Host is scanned and a failure report is generated, but the host is never moved to remediation.

Scan On Connect

Indicates whether this option is enabled or disabled. Scan On Connect forces a rescan every time the host assigned this scan connects to the network. See Scan on connect.

This option only affects hosts running the Persistent Agent.

Renew IP (Supported by Dissolvable Agent Only)

Indicates whether the Renew IP option is enabled or disabled. When this option is enabled, it causes the Dissolvable Agent to actively release and renew the IP address of the host after it has completed its scan. The Renew IP option is only supported on Windows and macOS.

Scan Failure Link Label

Label displayed on the failure page when a network user's PC has failed a scan. If no label is provided, the scan name is used. The label or scan name is a link that takes the user to a page indicating why the PC has failed the scan.

Agent Order Of
Operations
Remediation = On Failure

This set of options is available only when Remediation is set to On Failure.

Determines the order in which the agent performs its tasks. Choose one of the following:

Scan Before Registering: The host downloads the Agent and is scanned in the registration network before being registered. If the scan fails you must choose one of the following:

  • Do not Register, Remediate: Host remains a Rogue and stays in the registration network until it passes the scan. Note the host will not be marked "at risk." Default setting.
  • Register and mark At Risk: The host is registered immediately after the scan and then moved to Quarantine.
Note

Persistent Agent always registers and marks at risk.

Register, then Scan (if the scan fails, Remediate): The host does not download an agent in the Registration network. Instead, the host is registered and moved to Quarantine to download the Agent and be scanned.

Agent Order Of
Operations

Remediation = Delay or Audit Only

The option below is available only when Remediation is set to Delay or Audit Only.

If scan fails - Register or Remediate: If the host fails a scan, a web page with a Register option and a Remediate option is displayed to the user.

If the user chooses the Remediate option, the host is placed in remediation and the user must correct all issues and rescan.

If the user chooses the Register option, the host is placed in production. The user can correct all of the issues and re-run the Agent.

Patch URL

URL for the web page to be displayed when a host using the Dissolvable Agent fails the scan. This web page allows the user to download the agent and rescan after addressing the issues that caused the failure. Hosts using the Persistent Agent have the agent installed and do not use this page.

Root Detection

Indicates whether this option is enabled or disabled. If enabled, rooted mobile devices are not allowed to register.

Mobile Agent devices determines whether or not the device has been rooted. Rooting is a process allowing users of devices running the Android operating system to attain privileged control (known as "root access") within Android's subsystem.

Last Modified By

User name of the last user to modify the scan.

Last Modified Date

Date and time of the last modification to this scan.

Right click options

Copy

Copy the selected Scan to create a new record.

Delete

Deletes the selected Scan. Scans that are currently in use cannot be deleted.

In Use

Indicates whether or not the selected Scan is currently being used by any other FortiNAC element. See Scans in use.

Modify

Opens the Modify Scan window for the selected Scan.

Schedule

Opens the Schedule Policy view for the selected scan and allows you to add a schedule for host rescans using that Scan. See Schedule a scan.

Show Audit Log

Opens the admin auditing log showing all changes made to the selected item.

For information about the admin auditing log, see Admin auditing.

Note

You must have permission to view the admin auditing log. See Add an administrator profile.

Buttons

Custom Scans

Opens the Custom Scan Configuration window which allows you to add, remove or modify custom scans. Custom scan can be added to policies for more detailed host scans. See Custom scans.

Schedule

Opens the Schedule Policy view for the selected scan and allows you to add a schedule for host rescans using that Scan. See Schedule a scan.