Administration Guide

Chaining configuration scans

When advanced scan controls are enabled for an endpoint compliance configuration, you can map a security action containing the Run Endpoint Compliance Configuration activity to scan results.

The Run Endpoint Compliance Configuration activity runs scans for additional endpoint compliance configurations. This allows further scans to be run on hosts when additional levels of access are needed. For example, if the host is part of a group requiring access to a secure VLAN, you can run additional scans that the host must pass before it is allowed onto this area of the network. Access is determined by the highest-level scan that the host passes.

When a host is authenticated and matches an endpoint compliance policy, the endpoint compliance configuration scan is run, and an action is taken based on the scan results. If that action performs the Run Endpoint Compliance Configuration activity and the endpoint compliance configuration scan starts successfully, the action moves to the next activity in the list while the scan is still running.

If the endpoint compliance configuration scan does not start successfully, additional activities are performed only if On Activity Failure is set to Continue Running Activities.

There is no limit on the number of actions that can be run based on scan results.

The Persistent Agent must be installed on the host.

To enable and configure advanced scan controls, go to Policy & Objects. Click Endpoint Compliance > Configuration, and then either click Add, or select an existing configuration and click Modify.
