Fortinet white logo
Fortinet white logo

FortiNAC Manager

9.4.0

Settings

Settings

The fields listed in the table below are displayed in columns on the Host View based on the selections you make in the Settings window. These fields are also used in custom filters to search for hosts. See Quick search. Additional fields that can be displayed on the Host View are fields for the user associated with the selected host. See Search settings.

You may not have access to all of the fields listed in this table. Access depends on the type of license key installed and which features are enabled in that license.

Field

Definition

Agent Platform

Distinguishes between Windows, macOS, iOS, and Mobile Agent.

Agent Version

The version number of the Persistent Agent, Mobile Agent, or Dissolvable Agent installed on the host.

None is displayed if the host is a type set to by-pass the agent scan in the endpoint compliance configuration.

Allowed Hosts

The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total.

If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single host with up to five adapters counts as one host.

If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one host with two network adapters would be counted as two hosts.

Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used. See Network device.

If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user.

Applications

Applications running on the host. Categories of applications include: antivirus, Hotfixes and operating system.

Asset Tag

The Asset Tag of the host that is populated by the agent when the asset tag is readable by the agent. The asset tag is derived from the System Management BIOS (SMBIOS).

Authenticated

Indicates whether the host is authenticated.

Delete Hosts When User Expires

If set to Yes, hosts registered to the user are deleted when the user ages out of the database. To modify click Set.

Device Type

If the Host is a pingable device that is being managed in Hosts view, this field indicates the specific type of device.

The list includes:

  • Alarm System
  • Android
  • Apple iOS
  • Camera
  • Card Reader
  • Cash Register
  • Dialup Server
  • Environmental Control
  • Gaming Device
  • Generic Monitoring System
  • Health Care Device
  • Hub
  • IP Phone
  • IPS / IDS
  • Linux
  • Mobile Device
  • Network
  • PBX
  • Pingable
  • Printer
  • Registered Host
  • Server
  • StealthWatch
  • Top Layer IPS
  • Unix
  • UPS
  • Vending Machine
  • VPN
  • Windows
  • Wireless Access Point
  • macOS

Container (Inventory)

Indicates whether this host is also displayed in the Inventory and shows the Container in which it is stored.

First Name

User's first name.

Last Name

User's last name.

Email

User's email address.

Address

User's physical address.

City

User's city.

State

User's state.

Postal Code

User's postal code.

Phone

User's phone number.

Mobile Phone

User's cell phone number.

Mobile Provider

User's mobile provider.

Notes

Notes entered by the administrator. If this user registered as a guest, this section also contains information gathered at registration that does not have designated database fields, such as Person Visiting or Reason for Visit.

Include IP Phones

Appears when any option except Rogue is in the Host Type drop-down list. When selected, hosts that are IP Phones are included in the Host View.

Hardware Type

Type of Hardware, such as a PC.

Created Date

Date the host record was created in the database. Options include last, between, before, and after.

Expiration Date

Controls the number of days a Host is authorized on the network. Options include Next, Before, After, Between, Never, and None. Host is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered when Aging is configured. See Aging out host or user records.

Inactivity Date

Controls the number of days a Host is authorized on the network. Options include Next, Before, After, Between, Never, and None. Host is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the information entered in the Days Inactive field. See Aging out host or user records.

Last Connected

Date and time of the last communication with the Host. Options include Last, Before, After, Between, and Never.

Host Name

Name of the host.

Host Notes

Notes about this host.

Host Role

Role assigned to the Host. Roles are attributes of hosts and can be used as filters in a user/host profile. See Roles.

Host Security & Access Value

Value that typically comes from a field in the directory, but can be added manually. This value groups users and can be used as a filter in a user/host profile, which in turn are used to assign endpoint compliance policies, network access policies and Supplicant EasyConnect policies. The data in this field could be a department name, a type of user, a graduation class, a location or anything that distinguishes a group of users.

The access value is inherited from the user associated with this host.

Last Modified By

User name of the last user to modify the host.

Last Modified Date

Date and time of the last modification to this host.

Logged On User

Name of the user currently logged into the Host.

Managed By MDM

Host is managed by a Mobile Device Management system and data was retrieved from that system for registration.

MDM Compliant

Host is compliant with MDM policies. This data is retrieved directly from the MDM system.

MDM Compromised

MDM system has found this host to be compromised, such as jailbroken or rooted.

MDM Data Encryption

MDM system has detected that the host is using data protection.

MDM Passcode

MDM system has detected that the host is locked by a passcode when not in use.

Operating System

Host operating system. This is usually determined based on the DHCP fingerprint of the device or is returned by an agent.

Passed Tests

Shows passed scans.

Persistent Agent

Indicates whether the Persistent Agent has been seen on this Host before.

Persistent Agent Communicating

Indicates whether or not the agent is currently communicating.

Registered To

User ID of the user to which this host is registered.

Serial Number

Serial number on the host.

Status

Current or last known status is indicated by an icon. See Icons. Hover over the icon to display additional details about this Host in a tool tip.

  • Connected: Indicates whether host is online or offline.
  • Access: Indicates whether host is enabled or disabled.
  • Security: Indicates whether host is safe, at risk or pending at risk.
  • Authentication: Indicates whether or not the user associated with this host has been authenticated.

When searching for a host based on Security, search results for Safe include Pending at Risk hosts. Those hosts are a sub-set of Safe hosts. Search results for Pending at Risk do not include Safe hosts.

System UUID

The universal unique identifier used to identify the host.

Title

User's title, this could be a form of address or their title within the organization.

Type

Select the type of host.

Host types include:

  • Rogue: Unknown device that has connected to the network.
  • Registered Host With Owner: Device that is registered to a known user. Note:The owner is not the same as the logged on user.
  • Registered Device: Device that is registered by its own host name and is not associated with a single user, such as a library computer or a shared workstation.
  • Registered Host or Device: Both devices that are registered to users and devices that are registered by host name.
  • Registered Device In Host View: Pingable device not associated with a user that is managed in the Host View, such as a printer.
  • Registered Device In Host and Topology: Pingable device not associated with a user that displays in both the Host View and Topology.

User Created

Indicates when this record was created in the database.

User Expires

Controls the number of days a user is authorized on the network. User is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered in the Set User Expiration date window.

To modify click Set. See Set user expiration date for additional information.

User Inactivity Date

Controls the number of days a user is authorized on the network. User is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the number of days entered for Inactivity Limit.

For example, if the user logs off the network on August 1st and Inactivity Limit is set to 2 days, the Inactivity Date becomes August 3rd. If on August 2nd the user logs back in again, the Inactivity Date is blank until the next time he logs out. Then the value is recalculated again. To modify click Set.

User Inactivity Limit

Number of days the user must remain continuously inactive to be removed from the database. See Aging out host or user records.

User Notes

Notes entered by the administrator. If this user registered as a guest, this section also contains information gathered at registration that does not have designated database fields, such as Person Visiting or Reason for Visit.

User Role

Role assigned to the user. Roles are attributes of users that can be used as filters in user/host profiles. See Roles.

User Security And Access Value

Value that typically comes from a field in the directory, but can be added manually. This value can be used as a filter to determine which policy to use when scanning a user's computer. The data in this field could be a department name, a type of user, a graduation class, a location or anything that distinguishes a group of users.

VPN Client

Indicates whether the host connects to the network using a VPN connection.

Vulnerability Last Scanned

Lets you filter hosts by defining the time/date when Vulnerability scan results were last processed for the host.

Vulnerability Scan Status

Lets you display hosts that passed or failed the vulnerability scan, or were not scanned.

Settings

Settings

The fields listed in the table below are displayed in columns on the Host View based on the selections you make in the Settings window. These fields are also used in custom filters to search for hosts. See Quick search. Additional fields that can be displayed on the Host View are fields for the user associated with the selected host. See Search settings.

You may not have access to all of the fields listed in this table. Access depends on the type of license key installed and which features are enabled in that license.

Field

Definition

Agent Platform

Distinguishes between Windows, macOS, iOS, and Mobile Agent.

Agent Version

The version number of the Persistent Agent, Mobile Agent, or Dissolvable Agent installed on the host.

None is displayed if the host is a type set to by-pass the agent scan in the endpoint compliance configuration.

Allowed Hosts

The number of hosts that can be associated with or registered to this user and connect to the network. There are two ways to reach this total.

If the host is scanned by an agent or if adapters have been manually associated with hosts, then a single host with up to five adapters counts as one host.

If the host is not scanned by an agent or if the adapters have not been associated with specific hosts, then each adapter is counted individually as a host. In this scenario one host with two network adapters would be counted as two hosts.

Numbers entered in this field override the default setting in System > Settings > Network Device. Blank indicates that the default is used. See Network device.

If an administrator exceeds the number of hosts when registering a host to a user, a warning message is displayed indicating that the number of Allowed Hosts has been incremented and the additional hosts are registered to the user.

Applications

Applications running on the host. Categories of applications include: antivirus, Hotfixes and operating system.

Asset Tag

The Asset Tag of the host that is populated by the agent when the asset tag is readable by the agent. The asset tag is derived from the System Management BIOS (SMBIOS).

Authenticated

Indicates whether the host is authenticated.

Delete Hosts When User Expires

If set to Yes, hosts registered to the user are deleted when the user ages out of the database. To modify click Set.

Device Type

If the Host is a pingable device that is being managed in Hosts view, this field indicates the specific type of device.

The list includes:

  • Alarm System
  • Android
  • Apple iOS
  • Camera
  • Card Reader
  • Cash Register
  • Dialup Server
  • Environmental Control
  • Gaming Device
  • Generic Monitoring System
  • Health Care Device
  • Hub
  • IP Phone
  • IPS / IDS
  • Linux
  • Mobile Device
  • Network
  • PBX
  • Pingable
  • Printer
  • Registered Host
  • Server
  • StealthWatch
  • Top Layer IPS
  • Unix
  • UPS
  • Vending Machine
  • VPN
  • Windows
  • Wireless Access Point
  • macOS

Container (Inventory)

Indicates whether this host is also displayed in the Inventory and shows the Container in which it is stored.

First Name

User's first name.

Last Name

User's last name.

Email

User's email address.

Address

User's physical address.

City

User's city.

State

User's state.

Postal Code

User's postal code.

Phone

User's phone number.

Mobile Phone

User's cell phone number.

Mobile Provider

User's mobile provider.

Notes

Notes entered by the administrator. If this user registered as a guest, this section also contains information gathered at registration that does not have designated database fields, such as Person Visiting or Reason for Visit.

Include IP Phones

Appears when any option except Rogue is in the Host Type drop-down list. When selected, hosts that are IP Phones are included in the Host View.

Hardware Type

Type of Hardware, such as a PC.

Created Date

Date the host record was created in the database. Options include last, between, before, and after.

Expiration Date

Controls the number of days a Host is authorized on the network. Options include Next, Before, After, Between, Never, and None. Host is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered when Aging is configured. See Aging out host or user records.

Inactivity Date

Controls the number of days a Host is authorized on the network. Options include Next, Before, After, Between, Never, and None. Host is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the information entered in the Days Inactive field. See Aging out host or user records.

Last Connected

Date and time of the last communication with the Host. Options include Last, Before, After, Between, and Never.

Host Name

Name of the host.

Host Notes

Notes about this host.

Host Role

Role assigned to the Host. Roles are attributes of hosts and can be used as filters in a user/host profile. See Roles.

Host Security & Access Value

Value that typically comes from a field in the directory, but can be added manually. This value groups users and can be used as a filter in a user/host profile, which in turn are used to assign endpoint compliance policies, network access policies and Supplicant EasyConnect policies. The data in this field could be a department name, a type of user, a graduation class, a location or anything that distinguishes a group of users.

The access value is inherited from the user associated with this host.

Last Modified By

User name of the last user to modify the host.

Last Modified Date

Date and time of the last modification to this host.

Logged On User

Name of the user currently logged into the Host.

Managed By MDM

Host is managed by a Mobile Device Management system and data was retrieved from that system for registration.

MDM Compliant

Host is compliant with MDM policies. This data is retrieved directly from the MDM system.

MDM Compromised

MDM system has found this host to be compromised, such as jailbroken or rooted.

MDM Data Encryption

MDM system has detected that the host is using data protection.

MDM Passcode

MDM system has detected that the host is locked by a passcode when not in use.

Operating System

Host operating system. This is usually determined based on the DHCP fingerprint of the device or is returned by an agent.

Passed Tests

Shows passed scans.

Persistent Agent

Indicates whether the Persistent Agent has been seen on this Host before.

Persistent Agent Communicating

Indicates whether or not the agent is currently communicating.

Registered To

User ID of the user to which this host is registered.

Serial Number

Serial number on the host.

Status

Current or last known status is indicated by an icon. See Icons. Hover over the icon to display additional details about this Host in a tool tip.

  • Connected: Indicates whether host is online or offline.
  • Access: Indicates whether host is enabled or disabled.
  • Security: Indicates whether host is safe, at risk or pending at risk.
  • Authentication: Indicates whether or not the user associated with this host has been authenticated.

When searching for a host based on Security, search results for Safe include Pending at Risk hosts. Those hosts are a sub-set of Safe hosts. Search results for Pending at Risk do not include Safe hosts.

System UUID

The universal unique identifier used to identify the host.

Title

User's title, this could be a form of address or their title within the organization.

Type

Select the type of host.

Host types include:

  • Rogue: Unknown device that has connected to the network.
  • Registered Host With Owner: Device that is registered to a known user. Note:The owner is not the same as the logged on user.
  • Registered Device: Device that is registered by its own host name and is not associated with a single user, such as a library computer or a shared workstation.
  • Registered Host or Device: Both devices that are registered to users and devices that are registered by host name.
  • Registered Device In Host View: Pingable device not associated with a user that is managed in the Host View, such as a printer.
  • Registered Device In Host and Topology: Pingable device not associated with a user that displays in both the Host View and Topology.

User Created

Indicates when this record was created in the database.

User Expires

Controls the number of days a user is authorized on the network. User is deleted from the database when the date specified here has passed. The date is automatically calculated based on the information entered in the Set User Expiration date window.

To modify click Set. See Set user expiration date for additional information.

User Inactivity Date

Controls the number of days a user is authorized on the network. User is deleted from the database when the date specified here has passed. The date is continuously recalculated based on the number of days entered for Inactivity Limit.

For example, if the user logs off the network on August 1st and Inactivity Limit is set to 2 days, the Inactivity Date becomes August 3rd. If on August 2nd the user logs back in again, the Inactivity Date is blank until the next time he logs out. Then the value is recalculated again. To modify click Set.

User Inactivity Limit

Number of days the user must remain continuously inactive to be removed from the database. See Aging out host or user records.

User Notes

Notes entered by the administrator. If this user registered as a guest, this section also contains information gathered at registration that does not have designated database fields, such as Person Visiting or Reason for Visit.

User Role

Role assigned to the user. Roles are attributes of users that can be used as filters in user/host profiles. See Roles.

User Security And Access Value

Value that typically comes from a field in the directory, but can be added manually. This value can be used as a filter to determine which policy to use when scanning a user's computer. The data in this field could be a department name, a type of user, a graduation class, a location or anything that distinguishes a group of users.

VPN Client

Indicates whether the host connects to the network using a VPN connection.

Vulnerability Last Scanned

Lets you filter hosts by defining the time/date when Vulnerability scan results were last processed for the host.

Vulnerability Scan Status

Lets you display hosts that passed or failed the vulnerability scan, or were not scanned.