Fortinet white logo
Fortinet white logo

Administration Guide

Custom scans

Custom scans

Scans are configured to evaluate hosts connecting to the network. These scans search the host computer for things such as antivirus software or a particular version of an operating system. The categories within which the scan can search are fairly broad. To scan for very specific items, such as a file on the hard drive or a patch, you must create custom scans and then link custom scans to a general Scan.

The severity level set in the custom scan determines how the host is treated when it fails a custom scan. Levels can be set to deny the host access to the network or to just send a warning. See Severity level for additional details.

Custom scans that are associated with a scan can be configured to run at more frequent intervals than the Scan itself by setting up a Monitor in the Scan. This requires that the host have the Persistent Agent installed.

In addition to running a custom scan on any host that is evaluated by the associated Scan, you can use custom scans to refine or enhance other Scans. For example, if you have set up a Scan to check hosts for one of the following antivirus programs: AVG 8.5, Kaspersky, or Norton. Within the Kaspersky setting you can add a custom scan to search for a version that must be installed. This custom scan will not be run for hosts using AVG 8.5 or Norton. It will be run for hosts using Kaspersky.

Custom scans are created differently depending on the operating system on which they will run. You must create separate custom scans for each operating system.

When hosts fail a custom scan, they are redirected to the web page designated within the custom scan configuration. These web pages are not provided as part of the portal configuration. They must be created and stored on your FortiNAC appliance in the following directory: /bsc/Registration/registration/site

Within the directory listed above there are other web pages that might serve as a template for the custom scans web pages. One option is to copy the antivirus.jsp file to a new name and edit the text within that file to accommodate your custom scans.

User created web pages that display when a host fails a custom scan are now stored in /bsc/Registration/registration/site. If you are using Portal Version 1 and have legacy pages that are stored in /bsc/Registration/registration/sma, you do not need to move them to the new directory, they will continue to display to hosts as needed.

Caution

Custom Scans behavior with FortiNAC manager

An ECC custom scan is never automatically deleted during a sync operation from the Manager; they are only marked as non-global on the pod during a sync, if the ECC custom scan was deleted on the NCM.

The intentional behavior is to not delete them from the pod after they have been deleted from the Manager, then the Manager sync'd to the pod. The custom scans remain on the pod, but they are not marked as global; thus they're able to be deleted, if desired, in a second step.

Custom scans

Custom scans

Scans are configured to evaluate hosts connecting to the network. These scans search the host computer for things such as antivirus software or a particular version of an operating system. The categories within which the scan can search are fairly broad. To scan for very specific items, such as a file on the hard drive or a patch, you must create custom scans and then link custom scans to a general Scan.

The severity level set in the custom scan determines how the host is treated when it fails a custom scan. Levels can be set to deny the host access to the network or to just send a warning. See Severity level for additional details.

Custom scans that are associated with a scan can be configured to run at more frequent intervals than the Scan itself by setting up a Monitor in the Scan. This requires that the host have the Persistent Agent installed.

In addition to running a custom scan on any host that is evaluated by the associated Scan, you can use custom scans to refine or enhance other Scans. For example, if you have set up a Scan to check hosts for one of the following antivirus programs: AVG 8.5, Kaspersky, or Norton. Within the Kaspersky setting you can add a custom scan to search for a version that must be installed. This custom scan will not be run for hosts using AVG 8.5 or Norton. It will be run for hosts using Kaspersky.

Custom scans are created differently depending on the operating system on which they will run. You must create separate custom scans for each operating system.

When hosts fail a custom scan, they are redirected to the web page designated within the custom scan configuration. These web pages are not provided as part of the portal configuration. They must be created and stored on your FortiNAC appliance in the following directory: /bsc/Registration/registration/site

Within the directory listed above there are other web pages that might serve as a template for the custom scans web pages. One option is to copy the antivirus.jsp file to a new name and edit the text within that file to accommodate your custom scans.

User created web pages that display when a host fails a custom scan are now stored in /bsc/Registration/registration/site. If you are using Portal Version 1 and have legacy pages that are stored in /bsc/Registration/registration/sma, you do not need to move them to the new directory, they will continue to display to hosts as needed.

Caution

Custom Scans behavior with FortiNAC manager

An ECC custom scan is never automatically deleted during a sync operation from the Manager; they are only marked as non-global on the pod during a sync, if the ECC custom scan was deleted on the NCM.

The intentional behavior is to not delete them from the pod after they have been deleted from the Manager, then the Manager sync'd to the pod. The custom scans remain on the pod, but they are not marked as global; thus they're able to be deleted, if desired, in a second step.