Fortinet black logo

Administration Guide

Using the Persistent Agent

Copy Link
Copy Doc ID 1ce38eeb-8119-11eb-9995-00505692583a:60925
Download PDF

Using the Persistent Agent

If you have chosen to use the Persistent Agent to scan Windows, macOS, or Linux systems, hosts connecting to the network will go through the following process. The PA is downloaded to the host and installed. Once PA is installed it runs in the background and communicates with FortiNAC at intervals established by the network administrator.

The Persistent Agent will not detect the addition of a guest to a virtual host record unless the "Append to Host" or "Register as New Host" options are enabled in the VM Detection settings, and the port they are connected to may be subject to isolation and registration policies. See Security management.

The Persistent Agent only works with the FortiNAC Control Server and FortiNAC Application Server pair, or the FortiNAC Server. If the FortiNAC Control Server is not paired with the FortiNAC Application Server, you must use the Dissolvable Agent.

Registration

When an unknown host connects to the network and attempts to access the Internet, an entry in the DNS server redirects the host to the Login page for registration.

The Persistent Agent can also be used to register hosts passively (behind the scenes).

To begin the registration and policy check process, the user on the unknown host does the following:

  1. Enter the User Name.
  2. Enter the Password.
  3. Click Download.
  4. Save the file to the Desktop as directed by the browser download functionality or runs the file.

If a Persistent Agent is being used, the host must install the Persistent Agent the first time. If a Dissolvable Agent is being used, the agent runs without installing any files.

Results

Once the security check has completed, if the host failed to meet the security policy, a results page shown in a browser lists the items that failed and passed.

You can configure a link that the user can click that provides information about items that failed and what to do to correct the problem. Enter this link when you configure the policy. See Add or modify a scan for more information.

If you do not provide a link, modify the failure page to provide information for the user to correct the problem and find assistance.

Rescan

Once the user has corrected any issue(s) that caused the failure, the Persistent Agent security check must be run again.

  1. Open a browser window.
  2. Host is placed in Remediation.
  3. Click on the link associated with the security policy.
  4. Click Rescan.

This process may need to be completed again if additional issues remain that cause the host to fail the security policy.

Successfully registered notification

Once all the items causing the host to fail the security policy have been corrected, the host is registered and the Success message window is displayed.

Using the Persistent Agent

If you have chosen to use the Persistent Agent to scan Windows, macOS, or Linux systems, hosts connecting to the network will go through the following process. The PA is downloaded to the host and installed. Once PA is installed it runs in the background and communicates with FortiNAC at intervals established by the network administrator.

The Persistent Agent will not detect the addition of a guest to a virtual host record unless the "Append to Host" or "Register as New Host" options are enabled in the VM Detection settings, and the port they are connected to may be subject to isolation and registration policies. See Security management.

The Persistent Agent only works with the FortiNAC Control Server and FortiNAC Application Server pair, or the FortiNAC Server. If the FortiNAC Control Server is not paired with the FortiNAC Application Server, you must use the Dissolvable Agent.

Registration

When an unknown host connects to the network and attempts to access the Internet, an entry in the DNS server redirects the host to the Login page for registration.

The Persistent Agent can also be used to register hosts passively (behind the scenes).

To begin the registration and policy check process, the user on the unknown host does the following:

  1. Enter the User Name.
  2. Enter the Password.
  3. Click Download.
  4. Save the file to the Desktop as directed by the browser download functionality or runs the file.

If a Persistent Agent is being used, the host must install the Persistent Agent the first time. If a Dissolvable Agent is being used, the agent runs without installing any files.

Results

Once the security check has completed, if the host failed to meet the security policy, a results page shown in a browser lists the items that failed and passed.

You can configure a link that the user can click that provides information about items that failed and what to do to correct the problem. Enter this link when you configure the policy. See Add or modify a scan for more information.

If you do not provide a link, modify the failure page to provide information for the user to correct the problem and find assistance.

Rescan

Once the user has corrected any issue(s) that caused the failure, the Persistent Agent security check must be run again.

  1. Open a browser window.
  2. Host is placed in Remediation.
  3. Click on the link associated with the security policy.
  4. Click Rescan.

This process may need to be completed again if additional issues remain that cause the host to fail the security policy.

Successfully registered notification

Once all the items causing the host to fail the security policy have been corrected, the host is registered and the Success message window is displayed.