Host registration and user authentication
A registered host is a device requiring network services that is displayed in the Host View and has an ID. Registered hosts have a record in the FortiNAC database and are known entities. There are several methods for registering hosts depending on the type of host.
- Users connecting to the network with their computers or with a gaming device, such as an XBox, typically register their equipment through a web page. See
- Rogue hosts connecting directly to the network, such as an alarm system or a security camera, can be registered automatically using device profiler or manually using the Register as Host or Register as Device options in the Host View. See Profiled devices, Add or modify a host and Register a host as a device.
- Hosts can be registered by importing their records from a .csv file into the database. See Import hosts, users or devices for more information.
Registered hosts have specific icons that represent the type of device or host that has been registered and their last known state. See Icons for a list of icons and their definitions.
If gaming devices are registered, they are automatically placed in the forced scan exceptions and forced authentication exceptions groups. This prevents them from being scanned or forced to authenticate when they are on the network.
An authenticated user is a network user that has entered a user name and password on a login page and been verified using an existing authentication method. Authentication methods include the local FortiNAC database, an LDAP directory, a RADIUS server or a combination in which a user is authenticated by a RADIUS server and registered using data in LDAP. An authenticated user has a specific icon in the user view that is separate from the icon representing their computer on the Host View.
A single computer can have more than one icon if it has more than one network interface. For example, if a user has a laptop computer with both wired and wireless access to the network, you may see several records and icons for that user and host combination: one record in the user view for the user, one record in the Host View for the computer itself, and two records in the adapter view for the wired and wireless adapters. The two network interfaces are called siblings because they reside on the same computer. If the host is disabled by FortiNAC, both adapters are automatically disabled as well. When the action is taken manually, adapters can be disabled individually.
Registration process
FortiNAC uses the host registration process to create registered hosts in its database. A registered host is a known entity that has an ID. Hosts can be computers, gaming devices, IP phones or any device that requires network services.
Existing host
1. A host attempts to connect to the network.
2. FortiNAC compares the host information with the host records in its database.
3. If the host record exists and has not been disabled, FortiNAC allows access to the network.
New host - captive portal
1. If the host record does not exist, a Registration web page is displayed, forcing the user to register the equipment.
2. The user selects the type of registration, such as guest, network user or gaming device.
3. On the next page, the user enters a user name and password. This provides identity for the computer or gaming device being registered.
4. If a computer is being registered, the security policy for this user may require that the user download an agent to scan the computer. See Determining host operating system.
5. When the computer has met all of the criteria of the scan, it is registered and allowed access to the network.
New host - Passive Agent registration
1. When a user logs onto or off of the network, a Passive Agent is served to the user's computer.
2. The computer is scanned and registered. See Passive Agent.
Registration logs
FortiNAC generates a log entry for each host that registers. A new log file is created for each day. The log is a delimited text file stored in the /home/cm/registration directory. The file name is RegistrationLog.mm.dd.yyyy, such as RegistrationLog.03.15.2009. The record for each host contains the following information:
| Data | Description |
|---|---|
| First Name | User’s first name as entered on the Registration page. |
| Last Name | User’s last name as entered on the Registration page. |
| Login | User’s login for the network. |
| Hardware Type | User’s hardware type; for example, wired, wireless. |
| Location | Hardware's location on your network. |
| IP address | The IP address assigned to the hardware’s location. |
| Physical Address | MAC address of the hardware. |
| | The e-mail address to be used to contact the user. |
| Position/Grade | The position of the user; for example, Professor or Administration. Or, the grade of the student; for example, year of graduation. |
| Address | User contact information. |
| City | |
| State | |
| Zip/Postal Code | |
| Phone | |
| PC Name | The name of the PC. |
| PC Type | The type of the PC; for example, a server, laptop or desktop. |
| PC Serial Number | The serial number of the PC. |
| Registration Date/Time | The date and time the user and equipment were registered. The format is MM.DD.YYYY HH:MM:SS AM(PM); for example: 09.05.2008 09:45:33 AM |
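As an added example (not FortiNAC code or part of this page), the following Python reads records in the field order listed above, validates the Physical Address and the Registration Date/Time format, builds the per-day file name, and reports MAC addresses that appear under more than one login in a day's log. The delimiter is assumed to be a tab, since the page only says "delimited", and the sample records are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Column order follows the field table above; the delimiter is an assumption
# (the page says only "delimited"), so it is a parameter with a tab default.
FIELDS = ["first_name", "last_name", "login", "hardware_type", "location",
          "ip_address", "physical_address", "email", "position_grade",
          "address", "city", "state", "zip", "phone", "pc_name", "pc_type",
          "pc_serial", "registration_datetime"]
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")

def log_filename(year, month, day):
    """Per-day file name in the page's form, e.g. RegistrationLog.03.15.2009."""
    return "RegistrationLog." + datetime(year, month, day).strftime("%m.%d.%Y")

def parse_line(line, delimiter="\t"):
    """Split one record into a dict, validating the MAC and the timestamp."""
    parts = line.rstrip("\n").split(delimiter)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    rec = dict(zip(FIELDS, parts))
    if not MAC_RE.match(rec["physical_address"]):
        raise ValueError(f"bad MAC address: {rec['physical_address']!r}")
    # Registration Date/Time is MM.DD.YYYY HH:MM:SS AM(PM) per the page.
    rec["registration_datetime"] = datetime.strptime(
        rec["registration_datetime"], "%m.%d.%Y %I:%M:%S %p")
    return rec

def logins_per_mac(lines, delimiter="\t"):
    """MACs registered under more than one login in the day's log: a shared
    or re-registered device, or a spoofed address, and worth a look."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line, delimiter)
        seen[rec["physical_address"].lower()].add(rec["login"])
    return {mac: sorted(lg) for mac, lg in seen.items() if len(lg) > 1}

# Constructed sample records (not real FortiNAC log data), tab-delimited.
SAMPLE = [
    "\t".join(["Ada", "Lovelace", "alovelace", "wireless", "Bldg A / AP-12",
               "10.1.2.30", "00:11:22:33:44:55", "ada@example.edu", "Professor",
               "1 Main St", "Springfield", "ST", "00000", "555-0100",
               "ADA-LAPTOP", "laptop", "SN0001", "09.05.2008 09:45:33 AM"]),
    "\t".join(["Bob", "Smith", "bsmith", "wired", "Bldg A / sw1 port 3",
               "10.1.2.31", "00:11:22:33:44:55", "bob@example.edu", "2012",
               "2 Main St", "Springfield", "ST", "00000", "555-0101",
               "BOB-PC", "desktop", "SN0002", "09.05.2008 10:02:10 AM"]),
]
```

To run it against a real file, open /home/cm/registration/RegistrationLog.mm.dd.yyyy and pass its lines to logins_per_mac, changing the delimiter argument if your export uses something other than a tab.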