Properties
Use properties to set:
- The host name of the server for Persistent Agent communication.
- The Host group whose members receive the host name when they connect.
- Whether to require an adapter to be connected to a device managed by FortiNAC in order to communicate.
- Whether display notifications will be sent to the host.
- Header and footer text for the Persistent Agent authentication page.
- The amount of time that a CRL will be cached before retrieving a new CRL.
- Status messages in the message box on the user's desktop.
You can also enter text for other message windows generated during Registration or Scanning.
To access Persistent Agent properties, go to System > Settings > Persistent Agent.
Settings
| Field | Definition |
|---|---|
| Primary Host Name | Fully qualified host name of the FortiNAC Application Server, or of the FortiNAC Server if you are not using a pair. It is pushed out to the connecting host(s) to ensure that the Persistent Agent is communicating with the correct host in a distributed environment. In a high availability environment you must use the actual host name, not the shared host name. This field is required for Agent Updates. |
| Secondary Host Name | This field is displayed only in a high availability environment and is used only in a failover situation. Fully qualified host name of the secondary FortiNAC Application Server, or of the secondary FortiNAC Server if you are not using a pair. It is pushed out to the connecting host(s) to ensure that the Persistent Agent is communicating with the correct host in a distributed environment. Use the actual host name, not the shared host name. This field is required for Agent Updates. |
| Host Group for on-connect Host Name update | When hosts in this group connect to the network, they are given this Persistent Agent host name for communication between the host and the Persistent Agent server. |
| Require Connected Adapter | If enabled, the server requires one of the adapters reported by the agent to be connected to a device managed by FortiNAC in order to communicate. This eliminates the need to use ACLs to block access to a FortiNAC Application Server when the host is connecting on a device managed by a different FortiNAC Control Server/Application Server pair. The agent must be configured with security enabled. Requires Persistent Agent 4.0.3 or higher. |
| Allowed IP Subnets | When a client is not detected as connected (for example, a VPN-connected client), its agent cannot connect to the server while the Require Connected Adapter option is enabled. You can configure specific subnets so that the server accepts connections from any host connecting from an IP address within one of those subnets, in addition to hosts with a connected adapter. Any IP address that the agent connects from is checked against these subnets; if the IP address is within one of the ranges, the connection is allowed. This applies to all hosts connecting from the specified ranges. |
| Expiration | If enabled, the Persistent Agent uninstalls itself from the host once the selected date and time have passed. |
| Header | This text appears at the top of all message windows generated by the Persistent Agent. |
| Login Prompt | This text is displayed on the login window. |
| Login Prompt after Authentication Failure | This text appears in the message block received when a user has not been authenticated. |
| User Name Label | Controls the text that appears next to the User Name field on the login window. |
| Password Label | Controls the text that appears next to the Password field on the login window. |
| Footer | This text appears at the bottom of all message windows generated by the Persistent Agent. |
| CRL Cache Strategy | Defines the amount of time that a CRL is cached before a new CRL is retrieved. |
| Agent Contact Window on Connect | Applies to host records identified as having the Persistent Agent installed. Default value: 600 seconds. Time the agent on the endpoint device has to establish a connection with FortiNAC. This window of time starts when the endpoint device's host record status changes from offline to online. When the allotted window of time has passed without communication: When the agent starts communicating again: Successful Connection; Unsuccessful Connection. |
| Agent Contact Window on Disconnect | Applies to host records identified as having the Persistent Agent installed. Default value: 300 seconds. Time the agent on the online endpoint device has to communicate with FortiNAC. This window of time starts once FortiNAC detects that the TCP session with the agent has been broken. When the allotted window of time has passed without communication: When the agent starts communicating again: Successful Connection; Unsuccessful Connection. |
| Agent Contact Window on Host Disconnect | Applies to host records identified as having the Persistent Agent installed. Default value: 30 seconds. Time before clearing the "No Contact" agent status on an affected endpoint device's host record after it disconnects from the network. This window of time starts when the endpoint device's host record status changes from online to offline. When the allotted window of time has passed: Unsuccessful Connection; Host disconnects from network (offline); "No Contact" agent status is cleared. |
| VM Detection | None: when selected, a virtual machine that connects to the network as a bridged adapter is detected as a new device on the port. Append to Host: when selected, the virtual machine adapters are added to the host as additional adapters. When a Guest VM has been appended to the host as a virtual Guest adapter, the Guest VM remains an adapter on that host until it is manually deleted from the host, even if VM Detection is changed to None or Register as New Host. Register as New Host: when selected, the virtual machine is automatically registered as a new host belonging to the same user as the host running the virtual machine, allowing default registration. VM Platform Support by OS: VMware requirements; Oracle VBox requirements. Linux hosts must be configured to run the Persistent Agent Daemon process as the logged-on user. To configure this, edit /etc/sysconfig/bndaemon, change DAEMON_USER from bndaemon to the currently logged-on user, and then restart the daemon service. FortiNAC registers a detected VM guest with the same registration as the VM host. However, the VM guest does not inherit the authentication state of the VM host, and the guest OS is subject to any authentication policies currently in place, so the guest OS may require separate authentication. |
| Display Notifications | Determines whether popup notifications from the Persistent Agent, such as "VLAN switch taking place" or "Renewing IP", are displayed. When checked, the notifications are displayed on the host. If unchecked, the notification fields below are hidden both in this configuration view and on the host. |
| Successful Registration | This text appears in the message block received when a host has successfully registered. If you do not enter text, the message box does not appear for successful registrations. |
| Failed Registration | This text appears in the message block received when a host has failed the registration process. If you do not enter text, the message box does not appear for failed registrations. |
| Failed Scan | This text appears in the message block received when a host has failed a scan. If you do not enter text, the message box does not appear for failed scans. |
| Warning Message | This text appears in the message block received when a host has warning messages generated from a scan. If you do not enter text, the message box does not appear for warning messages. |
| Remediation | This text appears in the message block received when a host has been placed in the Remediation VLAN. If you do not enter any text, the message box does not appear. |
| No Valid Network | This text appears in the message block when the Persistent Agent cannot determine the MAC address of the interface used to connect to the network, or when the MAC address for that interface is invalid. The default value for this field is blank. If you do not enter text, the message box does not appear for invalid MAC addresses. |
| Network Change | This text appears in the message block when the IP address for the host is being renewed. This can happen when the host is being moved from one VLAN to another. |
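The Require Connected Adapter and Allowed IP Subnets rows work together: once the adapter requirement is enabled, an agent connection is accepted either because one of its reported adapters sits on a FortiNAC-managed device or because its source IP falls inside a configured subnet. The following Python is an added illustration of that documented decision, not FortiNAC's own code; the function name, the sample addresses and the 10.200.0.0/16 subnet are constructed for the example.

```python
import ipaddress
from typing import Iterable, Tuple


def accept_agent_connection(
    require_connected_adapter: bool,
    adapter_on_managed_device: bool,
    source_ip: str,
    allowed_subnets: Iterable[str],
) -> Tuple[bool, str]:
    """Model of the documented acceptance rule (illustration, not product code).

    Returns (accepted, reason) so an operator can see which of the two
    settings actually let a given agent connection through.
    """
    if not require_connected_adapter:
        # With the option disabled, connectivity of the adapter is not checked.
        return True, "Require Connected Adapter is disabled"
    if adapter_on_managed_device:
        # An adapter reported by the agent is on a FortiNAC-managed device.
        return True, "adapter connected to a FortiNAC-managed device"
    addr = ipaddress.ip_address(source_ip)
    for cidr in allowed_subnets:
        # strict=False tolerates entries written with host bits set.
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net:  # version mismatch (v4 vs v6) evaluates False
            return True, f"source {source_ip} within allowed subnet {net}"
    return False, f"no connected adapter and {source_ip} not in any allowed subnet"


if __name__ == "__main__":
    # Constructed scenarios: an on-LAN host, a VPN client, and an unknown source.
    allowed = ["10.200.0.0/16"]  # constructed VPN pool for the example
    scenarios = [
        ("LAN host on managed switch", True, True, "192.0.2.10"),
        ("VPN client in allowed pool", True, False, "10.200.5.17"),
        ("VPN client outside pool", True, False, "192.0.2.44"),
    ]
    for label, require, managed, ip in scenarios:
        ok, why = accept_agent_connection(require, managed, ip, allowed)
        print(f"{label}: {'accept' if ok else 'reject'} ({why})")
```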
Configure properties
- Click System > Settings.
- Expand the Persistent Agent folder.
- Select Properties from the tree.
- Use the information in the Settings table above to complete the fields.
- Click Save Settings.