Administration Guide

System communication

System Communication groups together features that allow FortiNAC to communicate with other devices or to send email and SMS messages to administrators and network users.

Receive data from external devices

FortiNAC can be configured to receive data or messages from other devices on the network, such as an IPS/IDS device. FortiNAC can accept data from a trap or Syslog message to add records to the database or trigger events and alarms. If events and alarms are triggered, alarms can be configured to take action on hosts or users and notify administrators via e-mail or SMS messages.

There are several options that can be used to leverage data from other devices. Each of these options is independent of all of the others. They can be used simultaneously but they do not work together.

Syslog management

The Syslog Management feature in FortiNAC allows you to create specific configurations used to parse inbound syslog messages. Supported message formats include CSV, TAG/VALUE and CEF. New events and alarms are automatically created for each syslog configuration you create. When an inbound message is received, FortiNAC can react based on the event and alarm generated. See Syslog files.
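
The three message formats named above, shown as an added Python example that is not FortiNAC's parser or configuration syntax: it splits a syslog payload into fields for each format and produces an event only when the configured field holds a valid IP address. The config keys (name, format, ip_field) and the sample message are assumptions made for illustration.

```python
import csv
import ipaddress
import re

CEF_KEYS = ("version", "vendor", "product", "device_version",
            "signature_id", "name", "severity")

def parse_cef(msg):
    """CEF:ver|vendor|product|dev_ver|sig|name|sev|k=v ... ('\\|', '\\=' escaped)."""
    start = msg.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header")
    text = msg[start + 4:]
    hdr = [m for _, m in zip(CEF_KEYS, re.finditer(r"((?:\\.|[^\\|])*)\|", text))]
    if len(hdr) < len(CEF_KEYS):
        raise ValueError("truncated CEF header")
    fields = {k: re.sub(r"\\(.)", r"\1", m.group(1)) for k, m in zip(CEF_KEYS, hdr)}
    # Extension values may contain spaces; a value ends at the next " key=".
    for m in re.finditer(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", text[hdr[-1].end():]):
        fields[m.group(1)] = re.sub(r"\\([=\\])", r"\1", m.group(2))
    return fields

def parse_tag_value(msg):
    """tag=value tag="quoted value" pairs."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in re.finditer(r'(\w+)=(?:"([^"]*)"|(\S*))', msg)}

def parse_csv(msg):
    """One CSV record; keys are 1-based column numbers."""
    return {n: v.strip() for n, v in enumerate(next(csv.reader([msg])), 1)}

PARSERS = {"CSV": parse_csv, "TAG/VALUE": parse_tag_value, "CEF": parse_cef}

def to_event(config, msg):
    """Apply a hypothetical syslog configuration; None if no valid host IP."""
    try:
        fields = PARSERS[config["format"]](msg)
        ip = ipaddress.ip_address(str(fields.get(config["ip_field"], "")))
    except ValueError:
        return None  # malformed message or unusable address: no event
    return {"event": config["name"], "host_ip": str(ip), "fields": fields}

# Constructed sample message (not captured from a real device).
CEF_SAMPLE = (r"<134>Jan 12 10:00:00 ids1 CEF:0|ExampleVendor|ExampleIDS|1.0|100|"
              r"Port scan \| sweep|7|src=192.0.2.15 msg=Port scan detected cs1=a\=b")
```

Validating the address before an event is produced keeps a malformed or truncated message from triggering an alarm action against a host that does not exist.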

Trap MIB

The Trap MIB feature allows you to configure FortiNAC to receive SNMPv1 and SNMPv2 traps from external devices that contain information about the connecting host. New events and alarms are created for these configurations and they display based on the OID of the sending device. When a trap is received FortiNAC can react based on the event and alarm generated. See Trap MIB files.

SNMPv3

SNMPv3 traps can be leveraged to populate the FortiNAC database with hosts and users as they connect to the network. When a trap is received from an external device, host and user records are added, modified or removed in the database. Events and alarms associated with these traps can be used to notify administrators or take actions on connecting hosts and users.

MDM services

MDM Services allows you to configure communication with one or more Mobile Device Management servers. Based on the information received from the MDM server you can take action on hosts, such as disabling them. See MDM services.

Option

Definition

Addresses

Configure a list of address and address group objects used in SSO and VPN configuration. See Addresses.

Email Settings

Enter settings for your email server. This allows FortiNAC to send email to Administrators and network users.

See Email settings.

Log Receivers

Configure a list of servers to receive event and alarm messages from FortiNAC.

See Log receivers.

MDM Services

Configure one or more Mobile Device Management (MDM) servers that integrate with FortiNAC.

See MDM services.

Mobile Providers

Displays the default set of Mobile Providers included in the database. FortiNAC uses the Mobile Providers list to send SMS messages to guests and administrators. The list can be modified as needed.

See Mobile providers.

Patch Management

The Patch Management feature allows integration with Patch servers such as BigFix or PatchLink.

See Patch management.

Proxy Settings

Configure FortiNAC to direct web traffic to a proxy server in order to download OS updates and auto-definition updates.

SNMP

Set the SNMP protocol for devices that query FortiNAC for information. It is also used to set the SNMP protocol to accept SNMPv3 traps that register hosts and users.

See SNMP.

Syslog Files

Syslog Files that you create and store are used by FortiNAC to parse the information received from these external devices and generate an event. The event can contain any or all of the fields contained in the syslog output and can be mapped to an Alarm and an Alarm action.

See Syslog files and Map events to alarms.

Security Event Parsers

Customize parsing of syslog messages for generating security events.

See Security event parsers.

Trap MIB Files

Enter configurations to interpret SNMP trap MIB information sent from a device and associate it with events and alarms in FortiNAC.

See Trap MIB files and Map events to alarms.

Threat Analysis Engines

Configure Threat Analysis Engines to be used when applications are submitted via an agent to FortiNAC.

Vulnerability Scanners

Configure and manage the connection to a vulnerability scanner, allowing FortiNAC to request and process scan results.

See Vulnerability scanner.

Security Fabric Connector

Provides the ability to register FortiNAC in the Security Fabric Tree. Once registered, FortiNAC is visible in the Security Fabric Topology view on FortiOS products.

See Security Fabric Connection.
