Fortinet white logo
Fortinet white logo

Administration Guide

Add a task

Add a task

  1. Select System > Scheduler.
  2. From the Scheduler view, click Add.
  3. The Enabled check box is selected by default. Uncheck it if you want this task to be disabled.
  4. Enter a Name for the task and an optional description.
  5. In the Action Type field, select either System or CLI. System actions are predefined tasks that you can choose to execute. CLI actions are sets of command line instructions that are created in the CLI Configuration View and saved to be executed elsewhere in the program.
  6. Select the Action from the list of system or CLI actions. Refer to the table below the instructions for more information.

    Note

    See CLI configuration for information on creating CLI actions.

  7. From the Group dropdown list, select the group that the action will be performed on. The list contains only the group types specific to that Action.
  8. From the Schedule Type drop down list, select either Fixed Day or Repetitive and set the day and time that the task is to be performed.
  9. A Fixed Day Task is one in which you schedule a task to run on a combination of days of the week and times of the day, such as Mondays at 1:00 pm and Fridays at 10:00 am. Select the day(s) and time to run the task.
    1. Click the box next to the day(s) to select the day.
    2. Click the down arrows and select the hour, minutes, and AM or PM from the drop-down list for each day.
    3. To enter days/times more quickly, select Set Multiple Days to set multiple days with the same time.
    4. To remove all settings, click Clear All.
  10. A Repetitive Task is one that you schedule to start on a given day, at a certain time, for the number of times you specify, such as every 10 days starting today. The repetition rate can be set to any number of minutes, hours, or days.
    1. Enter the Repetition Rate using whole numbers.

      Note

      A repetition rate of zero causes the task to run only once.

    2. Click the down arrow and select Minutes, Hours, or Days from the drop-down list.
    3. Enter the date and time for the task to run in the Next Scheduled Time field using the format MM/DD/YY hh:mm AM/PM Time Zone.
    4. Click Update to update the Next Scheduled Time field or change the Repetition Rate.

      Note

      The new Repetition Rate does not take effect immediately. It starts the next time the scheduled task runs. For the new Repetition Rate take effect immediately, click Update.

  11. Click OK.
Actions

Actions

Group Type

Description

Certificate Expiration Monitor

None

Generates a warning, critical warning, and expiration events for the certificates listed in Certificate Management. See Certificate management

Custom Script

None

Executes the selected command line script located in /home/cm/scripts.

Database Archive and Purge

None

Archives and purges Event, Connection, and Alarm records that are older than 7 days. The number of days is configurable in the Event And Alarm Age Time field on the FortiNAC Properties window. See Database archive.

Database Backup

None

Back up the FortiNAC database. The database backup files are stored on the local appliance at

/bsc/campusMgr/master_loader
/mysql/backup.

See Backup to a remote server for more information on configuring backups to a remote server.

Disable Adapters

Hosts

Prohibits network access to all adapters in the associated host group. Disables the adapters but not the host itself.

Disable HP/NT Port Security

Devices

Disables port security configuration on all HP/NT devices in the associated group. Use Port Security to disable hosts if DeadEnd VLANs are not used on the network.

Disable Ports

Port

Administratively disables all ports in the associated group.

Enable Adapters

Hosts

Allows network access to all hosts in the associated group.

Enable HP/NT Port Security

Devices

Enables port security configuration on all HP/NT devices in the associated group. Use Port Security to disable hosts if DeadEnd VLANs are not used on the network.

Enable Ports

Port

Administratively enables all ports in the associated group.

Modify Device VLAN Values

Ports

Writes the indicated VLAN value to the switch and changes only the Current VLAN value in the FortiNAC device model. You must specify the VLAN value.

Purge Remediation Output Files (Reports)

None

Purges the output files from all the Nessus scans performed since the last purge.

Note

Nessus Servers and scans are no longer supported.

Resynchronize Device

Devices

Allows you to sync a device with FortiNAC after making a change to the device (e.g., adding a VLAN, role or SSID for a wireless device).

Role Assignment

Hosts

Modifies the Role for the associated group of hosts or users. You must specify the new role.

SSID Assignment

Devices

Maps VLAN IDs to SSIDs. You must specify the both the VLAN ID and the SSID.

System Backup

None

Back up the FortiNAC system files. The system backup files are stored on the local appliance at

/bsc/backups/<server name>

See System backups.

Update Default VLAN Values

Ports

Sets the Default VLAN value for the port in FortiNAC device model to the value entered in the scheduled task. You must specify the VLAN value.

Update Interface Status

Devices

Reads and updates the interface status for each port on the devices in the associated groups.

Update Remediation Center

None

Connects to Nessus.org and updates the Nessus server with the scan IDs for the version running on the application server. Also connects to Fortinet and updates the server with the latest scan profiles.

Note

If you create scan profiles with Nessus Wx, you must run this task to ensure that those scan profiles will work properly.

Note

Nessus Servers and scans are no longer supported.

Add a task

Add a task

  1. Select System > Scheduler.
  2. From the Scheduler view, click Add.
  3. The Enabled check box is selected by default. Uncheck it if you want this task to be disabled.
  4. Enter a Name for the task and an optional description.
  5. In the Action Type field, select either System or CLI. System actions are predefined tasks that you can choose to execute. CLI actions are sets of command line instructions that are created in the CLI Configuration View and saved to be executed elsewhere in the program.
  6. Select the Action from the list of system or CLI actions. Refer to the table below the instructions for more information.

    Note

    See CLI configuration for information on creating CLI actions.

  7. From the Group dropdown list, select the group that the action will be performed on. The list contains only the group types specific to that Action.
  8. From the Schedule Type drop down list, select either Fixed Day or Repetitive and set the day and time that the task is to be performed.
  9. A Fixed Day Task is one in which you schedule a task to run on a combination of days of the week and times of the day, such as Mondays at 1:00 pm and Fridays at 10:00 am. Select the day(s) and time to run the task.
    1. Click the box next to the day(s) to select the day.
    2. Click the down arrows and select the hour, minutes, and AM or PM from the drop-down list for each day.
    3. To enter days/times more quickly, select Set Multiple Days to set multiple days with the same time.
    4. To remove all settings, click Clear All.
  10. A Repetitive Task is one that you schedule to start on a given day, at a certain time, for the number of times you specify, such as every 10 days starting today. The repetition rate can be set to any number of minutes, hours, or days.
    1. Enter the Repetition Rate using whole numbers.

      Note

      A repetition rate of zero causes the task to run only once.

    2. Click the down arrow and select Minutes, Hours, or Days from the drop-down list.
    3. Enter the date and time for the task to run in the Next Scheduled Time field using the format MM/DD/YY hh:mm AM/PM Time Zone.
    4. Click Update to update the Next Scheduled Time field or change the Repetition Rate.

      Note

      The new Repetition Rate does not take effect immediately. It starts the next time the scheduled task runs. For the new Repetition Rate take effect immediately, click Update.

  11. Click OK.
Actions

Actions

Group Type

Description

Certificate Expiration Monitor

None

Generates a warning, critical warning, and expiration events for the certificates listed in Certificate Management. See Certificate management

Custom Script

None

Executes the selected command line script located in /home/cm/scripts.

Database Archive and Purge

None

Archives and purges Event, Connection, and Alarm records that are older than 7 days. The number of days is configurable in the Event And Alarm Age Time field on the FortiNAC Properties window. See Database archive.

Database Backup

None

Back up the FortiNAC database. The database backup files are stored on the local appliance at

/bsc/campusMgr/master_loader
/mysql/backup.

See Backup to a remote server for more information on configuring backups to a remote server.

Disable Adapters

Hosts

Prohibits network access to all adapters in the associated host group. Disables the adapters but not the host itself.

Disable HP/NT Port Security

Devices

Disables port security configuration on all HP/NT devices in the associated group. Use Port Security to disable hosts if DeadEnd VLANs are not used on the network.

Disable Ports

Port

Administratively disables all ports in the associated group.

Enable Adapters

Hosts

Allows network access to all hosts in the associated group.

Enable HP/NT Port Security

Devices

Enables port security configuration on all HP/NT devices in the associated group. Use Port Security to disable hosts if DeadEnd VLANs are not used on the network.

Enable Ports

Port

Administratively enables all ports in the associated group.

Modify Device VLAN Values

Ports

Writes the indicated VLAN value to the switch and changes only the Current VLAN value in the FortiNAC device model. You must specify the VLAN value.

Purge Remediation Output Files (Reports)

None

Purges the output files from all the Nessus scans performed since the last purge.

Note

Nessus Servers and scans are no longer supported.

Resynchronize Device

Devices

Allows you to sync a device with FortiNAC after making a change to the device (e.g., adding a VLAN, role or SSID for a wireless device).

Role Assignment

Hosts

Modifies the Role for the associated group of hosts or users. You must specify the new role.

SSID Assignment

Devices

Maps VLAN IDs to SSIDs. You must specify the both the VLAN ID and the SSID.

System Backup

None

Back up the FortiNAC system files. The system backup files are stored on the local appliance at

/bsc/backups/<server name>

See System backups.

Update Default VLAN Values

Ports

Sets the Default VLAN value for the port in FortiNAC device model to the value entered in the scheduled task. You must specify the VLAN value.

Update Interface Status

Devices

Reads and updates the interface status for each port on the devices in the associated groups.

Update Remediation Center

None

Connects to Nessus.org and updates the Nessus server with the scan IDs for the version running on the application server. Also connects to Fortinet and updates the server with the latest scan profiles.

Note

If you create scan profiles with Nessus Wx, you must run this task to ensure that those scan profiles will work properly.

Note

Nessus Servers and scans are no longer supported.