Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiNAC 9.4.0 Administration Guide
    9.4.0
    9.4.0
    9.2.0
    9.1.0
    8.8.0
    8.7.0
    8.6.0
    8.5.2
    8.3.0

    Import hosts, users or devices

    Import hosts, users or devices

    Hosts, users or devices can be imported into the database from a .csv (comma separated value) file. Devices imported through the Host View are displayed in the Host View.

    Create an import file

    To add Hosts, users, devices or IP Phones create a comma separated value (.csv) file using any text editor or spreadsheet tool. If you are using a text editor to create the file, use commas to separate the fields when you enter the data. Use carriage returns to separate records. You can mix the types of records you are importing. For example, you can import hosts, users and IP Phones in the same file as long as you have all of the appropriate fields in the header row.

    To add Hosts or Devices create a comma separated value (.csv) file using any text editor or spreadsheet tool. If you are using a text editor to create the file, use commas to separate the fields when you enter the data. Use carriage returns to separate records.

    The first row in the file is a header row and must contain a comma separated list of the database field names that are included in the import file. The order of the fields does not matter. For example, to import hosts and their corresponding adapters the header row could have the following fields: adap.mac,adap.ip,host.owner,host.host,siblings

    Unless otherwise specified, data type is a string with no size limitations. Fields are case sensitive. For example, if you have user IDs SMITH123 and Smith123, the database treats these as two separate user records.

    If you import something that already exists in the database, the existing record is updated with the new data from the import. For example, assume the database contains a host record with MAC address A0:11:22:BE:44:2C, IP address 192.168.10.102 and host name Taylor1 and you import a record that has MAC address A0:11:22:BE:44:2C, IP address 192.168.5.10 and host name Jones1. The MAC address remains the same since that is the key, but the other fields are updated. The database now contains a host record with MAC address A0:11:22:BE:44:2C, IP address 192.168.5.10 and host name Jones1.

    Imported data is displayed on multiple views. Adapter data is displayed on the Adapter View and in Adapter Properties. Host data is displayed in the Host View, in Host Properties. User data is displayed in the User View and User Properties.

    The table below lists all of the possible import data fields by the name that should be used in the header row, indicates which fields are required and provides a definition for each field.

    Fields

    Header Field

    Required For

    Properties Field: Definition

    Adapter

    adap.ip

    IP address: IP address of the adapter. Use a valid IP format, such as, 127.0.0.1.

    adap.mac

    host

    Physical Address: MAC address of the adapter. Use a valid MAC format, such as 00:19:D1:94:5C:06.

    adap.loc

    Location: The switch and port where the adapter is connected to the network.

    adap.media

    Media Type: Network interface type (wired or wireless).

    adap.accessVal

    Access Value: VLAN to which the adapter is assigned.

    adap.descr

    Description: Description of the adapter, such as, Intel(R) 82566DM Gigabit Network Connection.

    adap.venName

    Vendor Name: Name of the vendor for the adapter based on the first three octets of the MAC address, such as, Intel Corporation. vendor OUIs are stored in the database and can be viewed through the vendor OUI screen. See Vendor OUIs.

    Host view

    host.host

    Host Name: Name of the host.

    host.role

    Role: Roles are attributes on hosts that can be used as filters by FortiNAC when selecting a network access policy, an endpoint compliance policy or a Supplicant EasyConnect Policy. The role must be defined in FortiNAC and must be the same spelling and case. If the role field is blank or is not included in the import the host is assigned to the NAC-Default role.

    host.owner

    Registered User: User ID of the host's owner. On import FortiNAC checks for the user in its own database and in the LDAP directory. If the user does not exist a new user record is created. If the user does exist the user is connected to the host.

    host.expireDate

    Expiration Date: Date that the host is aged out of the database. Date format is MM/dd/yy HH:mm AM/PM Timezone or 04/07/10 08:11 AM EST. If not included in the import, the global setting in FortiNAC Properties is used. See Aging.

    The value "Never" can be used to prevent a host from ever being removed from the database by the aging process.

    Host age times are evaluated every ten minutes. If you specify a date and time, the host may not be removed from the database for up to ten minutes after the time selected.

    host.inact

    Days Inactive: the host can be inactive before being aged out. This number is used to calculate the date to age the host out of the database. If not included in the import, the global setting in FortiNAC Properties is used. See Aging.

    To avoid using the default settings you must enter a number in this field. You can use a very large number to ensure that the host is not deleted, such as 1825 Days (equals five years). Make sure that there is a space between the number and the word Days. The format for the value must be as follows:

    xxx Days

    1825 Days

    host.sn

    Serial Number: Serial number of the host.

    host.hwType

    Hardware Type

    host.os

    Operating System: Host's operating system such as Windows XP or macOS.

    Note

    Only hosts that have an operating system listed in Host Properties are rescanned at the scheduled rescan time. Valid operating systems include: Windows or Mac.

    host.agentTag

    Asset Tag: Arbitrary value assigned in the BIOS by the owner or manufacturer.

    host.agentVer

    Agent Version: Version number of the Persistent Agent installed on the host.

    host.hasAgent

    Persistent Agent: Indicates whether or not the host has an agent installed. Use true or false. If the field is left blank, the default is false.

    host.notes

    Notes: Data is imported into the Notes field in Host Properties.

    host.topo

    host -
    if importing into Inventory

    Topology: Container in Inventory where this host should be placed on import. This field is required if importing into Inventory. Host is managed by the Host View but displays in both the Host View and the Inventory.

    host.dirPolVal

    Security And Access Value: Security and Access Value is an attribute used as a filter for user/host profiles. Typically this is a value that comes from the user record in the directory. However, if you are not authenticating through a directory or if this host does not have an owner, the Security and Access Value can be entered manually.

    host.devType

    Device Type: Must be one of the following device types or blank:

    • Alarm System
    • Android
    • Apple iOS
    • Camera
    • Card Reader
    • Cash Register
    • Dialup Server
    • Environmental Control
    • Gaming Device
    • Generic Monitoring System
    • Health Care Device
    • Hub
    • IP Phone
    • IPS / IDS
    • Linux
    • macOS
    • Mobile Device
    • Network
    • PBX
    • Pingable
    • Printer
    • Registered Host
    • Server
    • StealthWatch
    • Top Layer IPS
    • Unix
    • UPS
    • Vending Machine
    • Windows
    • Wireless Access Point
    • VPN

    siblings

    Siblings: Adapters that are on the same host are siblings. For example, if a PC has a wireless adapter and a wired adapter, those adapters are siblings.

    Enter the MAC addresses of all of the adapters for this host separated by semi-colons (;). See the example below:

    00:15:70:CA:7D:01;00:15:70:CA:7D:00

    Each adapter must have a separate record in the .csv file, with a siblings field listing all of the adapters on the host.

    Some device types may have only one adapter, such as IP Phones. To import those devices, include the MAC address of the single adapter in the siblings field with no semi-colon.

    User

    authType

    Local- local user

    RADIUS: RADIUS user

    LDAP: LDAP user

    Note

    If "authType" is set to "LDAP" the user record will sync with the directory

    user.fn

    User's first name.

    user.ln

    User's last name.

    user.uid

    user

    ID: Unique alpha numeric user ID.

    If a directory is used for authentication, when the FortiNAC database is synchronized with the directory, data for users with matching IDs is overwritten with data from the directory. For example, if you import a user with ID AB118 named Ann Brown and the directory contains a record of AB118 as Andrew Bowman, then your database shows AB118 Andrew Bowman.

    user.email

    User's e-mail address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

    user.addr

    User's mailing address.

    user.city

    User's city.

    user.st

    User's state.

    user.zip

    User's postal code.

    user.ph

    User's telephone number.

    user.title

    User's title.

    user.role

    Role: Roles are attributes on users that can be used as filters by FortiNAC when selecting a network access policy, an endpoint compliance policy or a Supplicant EasyConnect Policy. The role must be defined in FortiNAC and must be the same spelling and case. If the role field is blank or is not included in the import the host is assigned to the NAC-Default role.

    user.notes

    Notes: Data is imported into the Notes field in User Properties.

    user.pw

    Password: Password for this user.

    user.dirPolVal

    Security And Access Value: Security and Access Value is an attribute of a user that can be used as a filter for user/host profiles. Typically this is a value that comes from the user record in the directory. However, if you are not authenticating through a directory the Security and Access Value can be entered manually.

    user.expireDate

    Expiration Date: Date that the user is aged out of the database. Date format is MM/dd/yy HH:mm AM/PM Timezone or 04/07/10 08:11 AM EST.

    user.maxHosts

    Allowed Hosts: Maximum number of hosts that can be associated with or registered to this user and connect to the network.

    user.delHosts

    Delete Associated Hosts: Indicates whether or not hosts registered to this user should be deleted when the user is aged out of the database. Enter either Yes or No. This data displays on the User Properties window in the Time section and is set when the expiration date is set.

    Importing this field requires that you also include user.expireDate in your import file. If you do not include user.expireDate, the user.delHosts field data is not imported.

    user.smsNum

    Mobile Number: User's mobile phone number. This can be used to send SMS Messages based on events and alarms.

    user.smsPro

    Mobile Provider: The carrier or provider for the user's mobile phone. This must match the name of one of the providers in the Mobile Providers list in the database. See Mobile providers.
    Previous
    Next

    Import hosts, users or devices

    Import hosts, users or devices

    Hosts, users or devices can be imported into the database from a .csv (comma separated value) file. Devices imported through the Host View are displayed in the Host View.

    Create an import file

    To add Hosts, users, devices or IP Phones create a comma separated value (.csv) file using any text editor or spreadsheet tool. If you are using a text editor to create the file, use commas to separate the fields when you enter the data. Use carriage returns to separate records. You can mix the types of records you are importing. For example, you can import hosts, users and IP Phones in the same file as long as you have all of the appropriate fields in the header row.

    To add Hosts or Devices create a comma separated value (.csv) file using any text editor or spreadsheet tool. If you are using a text editor to create the file, use commas to separate the fields when you enter the data. Use carriage returns to separate records.

    The first row in the file is a header row and must contain a comma separated list of the database field names that are included in the import file. The order of the fields does not matter. For example, to import hosts and their corresponding adapters the header row could have the following fields: adap.mac,adap.ip,host.owner,host.host,siblings

    Unless otherwise specified, data type is a string with no size limitations. Fields are case sensitive. For example, if you have user IDs SMITH123 and Smith123, the database treats these as two separate user records.

    If you import something that already exists in the database, the existing record is updated with the new data from the import. For example, assume the database contains a host record with MAC address A0:11:22:BE:44:2C, IP address 192.168.10.102 and host name Taylor1 and you import a record that has MAC address A0:11:22:BE:44:2C, IP address 192.168.5.10 and host name Jones1. The MAC address remains the same since that is the key, but the other fields are updated. The database now contains a host record with MAC address A0:11:22:BE:44:2C, IP address 192.168.5.10 and host name Jones1.

    Imported data is displayed on multiple views. Adapter data is displayed on the Adapter View and in Adapter Properties. Host data is displayed in the Host View, in Host Properties. User data is displayed in the User View and User Properties.

    The table below lists all of the possible import data fields by the name that should be used in the header row, indicates which fields are required and provides a definition for each field.

    Fields

    Header Field

    Required For

    Properties Field: Definition

    Adapter

    adap.ip

    IP address: IP address of the adapter. Use a valid IP format, such as, 127.0.0.1.

    adap.mac

    host

    Physical Address: MAC address of the adapter. Use a valid MAC format, such as 00:19:D1:94:5C:06.

    adap.loc

    Location: The switch and port where the adapter is connected to the network.

    adap.media

    Media Type: Network interface type (wired or wireless).

    adap.accessVal

    Access Value: VLAN to which the adapter is assigned.

    adap.descr

    Description: Description of the adapter, such as, Intel(R) 82566DM Gigabit Network Connection.

    adap.venName

    Vendor Name: Name of the vendor for the adapter based on the first three octets of the MAC address, such as, Intel Corporation. vendor OUIs are stored in the database and can be viewed through the vendor OUI screen. See Vendor OUIs.

    Host view

    host.host

    Host Name: Name of the host.

    host.role

    Role: Roles are attributes on hosts that can be used as filters by FortiNAC when selecting a network access policy, an endpoint compliance policy or a Supplicant EasyConnect Policy. The role must be defined in FortiNAC and must be the same spelling and case. If the role field is blank or is not included in the import the host is assigned to the NAC-Default role.

    host.owner

    Registered User: User ID of the host's owner. On import FortiNAC checks for the user in its own database and in the LDAP directory. If the user does not exist a new user record is created. If the user does exist the user is connected to the host.

    host.expireDate

    Expiration Date: Date that the host is aged out of the database. Date format is MM/dd/yy HH:mm AM/PM Timezone or 04/07/10 08:11 AM EST. If not included in the import, the global setting in FortiNAC Properties is used. See Aging.

    The value "Never" can be used to prevent a host from ever being removed from the database by the aging process.

    Host age times are evaluated every ten minutes. If you specify a date and time, the host may not be removed from the database for up to ten minutes after the time selected.

    host.inact

    Days Inactive: the host can be inactive before being aged out. This number is used to calculate the date to age the host out of the database. If not included in the import, the global setting in FortiNAC Properties is used. See Aging.

    To avoid using the default settings you must enter a number in this field. You can use a very large number to ensure that the host is not deleted, such as 1825 Days (equals five years). Make sure that there is a space between the number and the word Days. The format for the value must be as follows:

    xxx Days

    1825 Days

    host.sn

    Serial Number: Serial number of the host.

    host.hwType

    Hardware Type

    host.os

    Operating System: Host's operating system such as Windows XP or macOS.

    Note

    Only hosts that have an operating system listed in Host Properties are rescanned at the scheduled rescan time. Valid operating systems include: Windows or Mac.

    host.agentTag

    Asset Tag: Arbitrary value assigned in the BIOS by the owner or manufacturer.

    host.agentVer

    Agent Version: Version number of the Persistent Agent installed on the host.

    host.hasAgent

    Persistent Agent: Indicates whether or not the host has an agent installed. Use true or false. If the field is left blank, the default is false.

    host.notes

    Notes: Data is imported into the Notes field in Host Properties.

    host.topo

    host -
    if importing into Inventory

    Topology: Container in Inventory where this host should be placed on import. This field is required if importing into Inventory. Host is managed by the Host View but displays in both the Host View and the Inventory.

    host.dirPolVal

    Security And Access Value: Security and Access Value is an attribute used as a filter for user/host profiles. Typically this is a value that comes from the user record in the directory. However, if you are not authenticating through a directory or if this host does not have an owner, the Security and Access Value can be entered manually.

    host.devType

    Device Type: Must be one of the following device types or blank:

    • Alarm System
    • Android
    • Apple iOS
    • Camera
    • Card Reader
    • Cash Register
    • Dialup Server
    • Environmental Control
    • Gaming Device
    • Generic Monitoring System
    • Health Care Device
    • Hub
    • IP Phone
    • IPS / IDS
    • Linux
    • macOS
    • Mobile Device
    • Network
    • PBX
    • Pingable
    • Printer
    • Registered Host
    • Server
    • StealthWatch
    • Top Layer IPS
    • Unix
    • UPS
    • Vending Machine
    • Windows
    • Wireless Access Point
    • VPN

    siblings

    Siblings: Adapters that are on the same host are siblings. For example, if a PC has a wireless adapter and a wired adapter, those adapters are siblings.

    Enter the MAC addresses of all of the adapters for this host separated by semi-colons (;). See the example below:

    00:15:70:CA:7D:01;00:15:70:CA:7D:00

    Each adapter must have a separate record in the .csv file, with a siblings field listing all of the adapters on the host.

    Some device types may have only one adapter, such as IP Phones. To import those devices, include the MAC address of the single adapter in the siblings field with no semi-colon.

    User

    authType

    Local- local user

    RADIUS: RADIUS user

    LDAP: LDAP user

    Note

    If "authType" is set to "LDAP" the user record will sync with the directory

    user.fn

    User's first name.

    user.ln

    User's last name.

    user.uid

    user

    ID: Unique alpha numeric user ID.

    If a directory is used for authentication, when the FortiNAC database is synchronized with the directory, data for users with matching IDs is overwritten with data from the directory. For example, if you import a user with ID AB118 named Ann Brown and the directory contains a record of AB118 as Andrew Bowman, then your database shows AB118 Andrew Bowman.

    user.email

    User's e-mail address. For multiple e-mail addresses, enter addresses separated by commas or semi-colons. Messages are sent to all e-mail addresses provided.

    user.addr

    User's mailing address.

    user.city

    User's city.

    user.st

    User's state.

    user.zip

    User's postal code.

    user.ph

    User's telephone number.

    user.title

    User's title.

    user.role

    Role: Roles are attributes on users that can be used as filters by FortiNAC when selecting a network access policy, an endpoint compliance policy or a Supplicant EasyConnect Policy. The role must be defined in FortiNAC and must be the same spelling and case. If the role field is blank or is not included in the import the host is assigned to the NAC-Default role.

    user.notes

    Notes: Data is imported into the Notes field in User Properties.

    user.pw

    Password: Password for this user.

    user.dirPolVal

    Security And Access Value: Security and Access Value is an attribute of a user that can be used as a filter for user/host profiles. Typically this is a value that comes from the user record in the directory. However, if you are not authenticating through a directory the Security and Access Value can be entered manually.

    user.expireDate

    Expiration Date: Date that the user is aged out of the database. Date format is MM/dd/yy HH:mm AM/PM Timezone or 04/07/10 08:11 AM EST.

    user.maxHosts

    Allowed Hosts: Maximum number of hosts that can be associated with or registered to this user and connect to the network.

    user.delHosts

    Delete Associated Hosts: Indicates whether or not hosts registered to this user should be deleted when the user is aged out of the database. Enter either Yes or No. This data displays on the User Properties window in the Time section and is set when the expiration date is set.

    Importing this field requires that you also include user.expireDate in your import file. If you do not include user.expireDate, the user.delHosts field data is not imported.

    user.smsNum

    Mobile Number: User's mobile phone number. This can be used to send SMS Messages based on events and alarms.

    user.smsPro

    Mobile Provider: The carrier or provider for the user's mobile phone. This must match the name of one of the providers in the Mobile Providers list in the database. See Mobile providers.
    Previous
    Next