Device profiling rules

Device Profiling Rules are used by the Device Profiler feature to categorize rogue hosts that connect to the network. When a rogue connects to the network and receives an IP address, its information is compared to all methods within each enabled rule in turn until a match is found. How the rogue device is then managed depends on the configuration of the matching rule.

Any of the following scenarios could result from a match.

  • The rogue matches a rule and is registered. It is displayed in the Host View as a registered host and can be seen in the Profiled Devices window. It remains associated with the matching rule and can be managed by a Device manager. Future rules cannot be run against this device unless it is deleted from the system and becomes a rogue again when it connects to the network.
  • The rogue matches a rule and is registered. It is displayed in the Host View as a registered host and is associated with a specific user, thus creating an identity for that device. It is removed from the Profiled Devices window and cannot be managed by a Device manager. Future rules cannot be run against this device unless it is deleted from the system and becomes a rogue again when it connects to the network.
  • The rogue matches a rule, but the rule is not configured to place the device in Topology View or Host View. The device remains a rogue, but is associated with the rule. Future rules can be run against this device as long as it remains unregistered. The device can be seen in the Profiled Devices window. If Notify Sponsor is enabled, the Device manager receives an e-mail reporting the match. The device can be managed by the Device manager, who can either register the device, which places it in the Host View, or delete it. An administrative user can access the device in the Host View and change it to a device if it needs to be in Topology.
  • Device Profiler does not see devices that are no longer rogues and cannot match those devices with new or modified rules.

Devices placed in the Host View display in the Profiled Devices window until the device is associated with a user.
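Because evaluation stops at the first matching rule and registered devices are never re-evaluated, rule order decides the outcome. The following is an added example, not FortiNAC code or its API: a small model of that order that flags rules which can never win for a set of sample rogues. All class, field and rule names are hypothetical, the sample data is constructed, and it assumes a rule matches only when every one of its methods matches.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the evaluation order described above. Names are
# hypothetical and are not FortiNAC's API or data model.
@dataclass
class Rule:
    name: str
    methods: list                # predicates over the rogue's attributes
    enabled: bool = True
    register: bool = False       # place the device in Host View as registered
    user: Optional[str] = None   # user to associate on registration

@dataclass
class Device:
    mac: str
    attrs: dict
    state: str = "rogue"
    rule: Optional[str] = None
    user: Optional[str] = None

def profile(device, rules):
    """First enabled rule whose methods all match wins (all-match is assumed)."""
    if device.state != "rogue":
        return None  # devices that are no longer rogues are not seen again
    for rule in rules:
        if rule.enabled and all(m(device.attrs) for m in rule.methods):
            device.rule = rule.name
            if rule.register:
                device.state, device.user = "registered", rule.user
            return rule.name
    return None

def shadowed_rules(rules, samples):
    """Enabled rules that never win first-match for any sample rogue."""
    winners = {profile(Device(d.mac, d.attrs), rules) for d in samples}
    return [r.name for r in rules if r.enabled and r.name not in winners]

# Constructed sample rules and rogues.
is_acme = lambda a: a.get("vendor") == "AcmePrint"
RULES = [
    Rule("any-acme", [is_acme]),  # broad rule, leaves the device a rogue
    Rule("acme-printer", [is_acme, lambda a: 9100 in a.get("ports", ())],
         register=True),
    Rule("cameras", [lambda a: a.get("vendor") == "CamCo"],
         register=True, user="facilities"),
]
ROGUES = [Device("00:00:5e:00:53:01", {"vendor": "AcmePrint", "ports": (9100,)}),
          Device("00:00:5e:00:53:02", {"vendor": "CamCo"})]
```

Here `shadowed_rules(RULES, ROGUES)` reports `acme-printer`: the broader `any-acme` rule sits above it and matches the same device first.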

Host view

Device Profiling Rules can be used to place rogue devices in the Host View.

Devices that are kept in the Host View have a connection history and can be associated with a user. If the connection to the device fails, events and alarms can be configured to notify you that the device is no longer communicating.
