Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiNAC 9.1.0 Administration Guide
    9.1.0
    9.4.0
    9.2.0
    9.1.0
    8.8.0
    8.7.0
    8.6.0
    8.5.2
    8.3.0

    Endpoint compliance

    Endpoint compliance

    Endpoint compliance is a feature set used to ensure that hosts connecting to your network comply with network usage requirements. The cornerstone of endpoint compliance are endpoint compliance policies. Use these policies to establish the parameters for security that will be enforced when hosts connect to the network. If you do not create policies, when hosts connect to the network and users enter their credentials, they will be automatically registered without a policy being applied. See Endpoint compliance policies.

    Endpoint compliance can also use an agent on the host to ensure that compliance with established policies is maintained. The Dissolvable Agent is downloaded during registration and is removed when the host is registered. The Persistent Agent remains on the host. Mobile Agent devices are installed on and remain installed on mobile devices. The Passive Agent is not installed, but is served as the user logs onto the network and does a scan in the background.

    Endpoint compliance policies contain scans used to evaluate hosts and ensure that each host complies with your configured list of acceptable operating systems and antivirus software. For a list of supported operating systems and antivirus software, use the customer portal on our web site.

    Features

    Feature

    Description

    Agent Distribution

    Download Agents for alternative distribution.

    See Agent packages.

    Auto-Def Update
    Schedule

    Schedule the task to automatically update virus definitions, spyware definitions and operating systems for which you can scan.

    See Auto-definition updates.

    NAT Detection

    Enter the IP ranges where an agent will detect NAT'd hosts. IP addresses outside this range could be NAT'd hosts and can generate an event and an alarm to notify the network administrator.

    See NAT detection.

    Passive Agent
    Configuration

    Create customized configurations that register and scan hosts associated with network users contained in your LDAP or Active directory.

    See Passive Agent.

    Policy Configuration

    Add, delete, modify, or schedule endpoint compliance policy.

    See Endpoint compliance policies.

    Persistent Agent
    Properties

    Enter text that will be displayed in the header and footer area on any messages sent to a host running the Persistent Agent. Enable status pop-ups. Configure server communication.

    See Persistent Agent settings.

    Remediation
    Configuration

    Add, remove, modify, or schedule security and admin script profile configurations.

    See Remediation configurations.
    Previous
    Next

    Endpoint compliance

    Endpoint compliance

    Endpoint compliance is a feature set used to ensure that hosts connecting to your network comply with network usage requirements. The cornerstone of endpoint compliance are endpoint compliance policies. Use these policies to establish the parameters for security that will be enforced when hosts connect to the network. If you do not create policies, when hosts connect to the network and users enter their credentials, they will be automatically registered without a policy being applied. See Endpoint compliance policies.

    Endpoint compliance can also use an agent on the host to ensure that compliance with established policies is maintained. The Dissolvable Agent is downloaded during registration and is removed when the host is registered. The Persistent Agent remains on the host. Mobile Agent devices are installed on and remain installed on mobile devices. The Passive Agent is not installed, but is served as the user logs onto the network and does a scan in the background.

    Endpoint compliance policies contain scans used to evaluate hosts and ensure that each host complies with your configured list of acceptable operating systems and antivirus software. For a list of supported operating systems and antivirus software, use the customer portal on our web site.

    Features

    Feature

    Description

    Agent Distribution

    Download Agents for alternative distribution.

    See Agent packages.

    Auto-Def Update
    Schedule

    Schedule the task to automatically update virus definitions, spyware definitions and operating systems for which you can scan.

    See Auto-definition updates.

    NAT Detection

    Enter the IP ranges where an agent will detect NAT'd hosts. IP addresses outside this range could be NAT'd hosts and can generate an event and an alarm to notify the network administrator.

    See NAT detection.

    Passive Agent
    Configuration

    Create customized configurations that register and scan hosts associated with network users contained in your LDAP or Active directory.

    See Passive Agent.

    Policy Configuration

    Add, delete, modify, or schedule endpoint compliance policy.

    See Endpoint compliance policies.

    Persistent Agent
    Properties

    Enter text that will be displayed in the header and footer area on any messages sent to a host running the Persistent Agent. Enable status pop-ups. Configure server communication.

    See Persistent Agent settings.

    Remediation
    Configuration

    Add, remove, modify, or schedule security and admin script profile configurations.

    See Remediation configurations.
    Previous
    Next