Provisioning FortiNAC with known devices can be accomplished in several ways. However, you should start with switches, routers and controllers, since those devices control the network and provide FortiNAC with information about other devices connected to the network. Switches, routers and controllers can be imported into FortiNAC from .csv files or can be automatically discovered by FortiNAC. Other devices can be imported or detected as they connect to the network.
If you already have spreadsheets or .csv files containing device information, you may be able to leverage them to import devices into FortiNAC. Each device type must be in a separate file. Both SNMP devices and non-SNMP (or pingable) devices can be imported. See CLI import tool.
Discovery is an automated process started by the FortiNAC administrator. FortiNAC searches ranges of IP addresses for devices that can be managed using SNMP. A model of each device is created in FortiNAC as it is discovered and can be viewed in the Network Devices view. After discovery, each device must be configured to ensure that FortiNAC has the correct CLI passwords and VLAN configurations.
Most networks also have a series of devices that cannot be managed using SNMP, such as printers, security cameras or alarm systems. This type of device is referred to as a pingable device. Non-SNMP devices can be imported into the database as noted above, can be registered manually or can be automatically registered by device profiler.
For manual registration, you must connect the device to the network. When FortiNAC detects that a device has connected, that device is displayed as a rogue in the Host View. From the Host View you can select one or more rogues and register them as devices. Devices registered from the Host View can be configured to display in the Host View, the Topology or both. See Register a host as a device and Learning about hosts on the network.
If you have implemented device profiler, devices can be categorized and automatically registered based on Profiling Rules. See Device profiler.
Registering PCs as devices can be done manually by connecting the PC to the network. When FortiNAC detects the connection, the PC is displayed in the Host View as a rogue. From the Host View, you can select one or more rogues and register them as devices as noted above. See Register a host as a device and Learning about hosts on the network.
Registering PCs can be automated to a certain extent. You can configure the Persistent Agent to register PCs by hostname using . Then serve the Persistent Agent to users' PCs either at login or by asking the user to download and install the agent. The agent connects to the FortiNAC server, registers the PC by hostname and sends information such as IP address and MAC address back to the database. Because the agent is only being used as a mechanism to register PCs, no security policy is required. See Agent overview and Credential configuration.
Login scripts can be used to automatically register PCs as network users log onto the network. The script must be modified slightly to indicate that PCs should be registered by hostname. See Passive registration.
There are many options for viewing devices that have been added to FortiNAC.
- Network Devices View: Displays lists of devices in a table. Links in the Views column allow you to display additional device information and configuration views. See Network devices.
- Topology: Displays lists of devices on the left side. When a device is selected, the right pane displays known information about that device with a graphic representation of device ports and connections. See Topology.
- Host View: Displays rogues or unknown devices and any devices that were manually registered and configured to display in Host View. See Host View.
- Dashboard: Host Summary and Device Summary panels provide totals for each device type broken down by status. See Host Summary and Network Device Summary.