Policies

Configure policies to automatically provision network access based on specific criteria as registered hosts connect to the network. A Network Access Policy consists of two components:

  • User/Host Profile: Defines the user and/or host data criteria used to assign Network Access Policies. Host-record fields specific to MDM services have been added and can be used as filters in User/Host Profiles. The MDM-specific fields are listed below. Refer to the sections Host View and Search and filter options of the Administration Guide in the Fortinet Document Library for additional information.

Managed by MDM

(Applicable MDMs: All)

Set when FortiNAC registered the host from data in the MDM database.

Compliant

(Applicable MDMs: Airwatch/Workspace One, Claroty, Fortinet EMS, MS Intune, XenMobile (Citrix), MaaS360, MobileIron)

FortiNAC gathers endpoint compliance information from the MDM server and marks the host as compliant or not compliant with the MDM's policies. Note: this field does not list vulnerabilities; it only reports the MDM's overall verdict.

Passcode Enabled

(Applicable MDMs: Airwatch/Workspace One, XenMobile (Citrix), MaaS360, MobileIron)

Indicates whether a passcode is required to access the endpoint.

Data Encryption

(Applicable MDMs: Airwatch/Workspace One, XenMobile (Citrix), MaaS360, MobileIron)

Indicates whether data encryption is enabled on the endpoint.

Compromised

(Applicable MDMs: Airwatch/Workspace One, XenMobile (Citrix), MaaS360, MobileIron)

Indicates whether the MDM has marked the endpoint as compromised. This is a separate field from Compliant: an endpoint can be reported as compliant and still be flagged compromised, so evaluate the two fields independently in your User/Host Profiles.

Note the following when determining criteria for User/Host Profiles:

  • Devices registered using MDM are registered to a user if the user in the MDM matches a user in FortiNAC. If the user is not found, the device will be registered as a device and not to a user.

  • Devices registered from Jamf are assigned NAC-Default as the role.

  • Network Access Configuration: Specifies the network access value (VLAN or role) to apply when a host matches the associated User/Host Profile.

    Example: Place all iOS devices on VLAN 10 and all MacOSX devices on VLAN 11.

    iOS Network Access Policy:

      • User/Host Profile specifying the iOS operating system

      • Network Access Configuration specifying VLAN 10

    MacOSX Network Access Policy:

      • User/Host Profile specifying the MacOSX operating system

      • Network Access Configuration specifying VLAN 11

    Refer to the section Network access policies of the Administration Guide in the Fortinet Document Library for additional information.
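To make the two components concrete, the following is an added example in Python; it is not FortiNAC code and not a FortiNAC API. It models a User/Host Profile as a set of host-field criteria and a Network Access Policy as that profile plus a network access value, then evaluates constructed host records against policies in rank order, first match wins. Which MDMs populate each field follows the Applicable MDMs lists above, and the user-matching and Jamf NAC-Default rules follow the notes above; the quarantine and remediation VLAN numbers (999 and 998), the host records, the FortiNAC user list and first-match evaluation are assumptions of this model, not documented FortiNAC behaviour.

```python
"""Added example, not FortiNAC code: a model of User/Host Profile matching and
Network Access Policy selection over the MDM-specific host fields described above.
Rank-ordered first-match evaluation, the VLAN numbers, the host records and the
FortiNAC user list are constructed for illustration."""
from dataclasses import dataclass
from typing import Optional

# MDMs named on this page. Which ones populate each MDM-specific host field follows
# the "Applicable MDMs" lists above; any other MDM leaves that field unset (None).
ALL_MDMS = {"Airwatch/Workspace One", "Claroty", "Fortinet EMS", "MS Intune",
            "XenMobile (Citrix)", "MaaS360", "MobileIron", "Jamf"}
MOBILE_MDMS = {"Airwatch/Workspace One", "XenMobile (Citrix)", "MaaS360", "MobileIron"}
FIELD_SOURCES = {
    "managed_by_mdm": ALL_MDMS,
    "compliant": ALL_MDMS - {"Jamf"},
    "passcode_enabled": MOBILE_MDMS,
    "data_encryption": MOBILE_MDMS,
    "compromised": MOBILE_MDMS,
}


@dataclass
class Host:
    mac: str
    os: str
    mdm: str
    managed_by_mdm: Optional[bool] = None
    compliant: Optional[bool] = None        # None: this MDM never reports the field
    passcode_enabled: Optional[bool] = None
    data_encryption: Optional[bool] = None
    compromised: Optional[bool] = None
    user: Optional[str] = None              # None: registered as a device, not to a user
    role: Optional[str] = None


@dataclass
class Policy:
    name: str
    profile: dict          # User/Host Profile criteria: host field -> required value
    network_access: str    # Network Access Configuration: VLAN or role to apply


def register_from_mdm(mac, os, mdm, reported, mdm_user, fortinac_users):
    """Build the host record from MDM data. Fields the MDM does not support are
    ignored even if present in `reported`, so they stay None. Per the notes above,
    the device is registered to a user only when the MDM user exists in FortiNAC,
    and Jamf devices receive the NAC-Default role."""
    host = Host(mac=mac, os=os, mdm=mdm)
    for fld, value in reported.items():
        if mdm in FIELD_SOURCES.get(fld, set()):
            setattr(host, fld, value)
    host.managed_by_mdm = True
    host.user = mdm_user if mdm_user in fortinac_users else None
    if mdm == "Jamf":
        host.role = "NAC-Default"
    return host


def profile_matches(host, profile):
    """Every criterion must equal the host field. A field left None never equals
    True or False, so a profile requiring compliant=True cannot match a Jamf host."""
    return all(getattr(host, fld) == wanted for fld, wanted in profile.items())


def select_policy(host, policies):
    """First matching policy in rank order wins; None when nothing matches."""
    for policy in policies:
        if profile_matches(host, policy.profile):
            return policy.name, policy.network_access
    return None


# Rank order matters: the Compromised check sits above the Compliant check because
# the two are separate fields, and both sit above the OS placement policies from
# the example in the text. VLAN 999 and 998 are constructed values.
POLICIES = [
    Policy("Quarantine compromised", {"compromised": True}, "VLAN 999"),
    Policy("MDM non-compliant", {"managed_by_mdm": True, "compliant": False}, "VLAN 998"),
    Policy("iOS", {"managed_by_mdm": True, "os": "iOS"}, "VLAN 10"),
    Policy("MacOSX", {"managed_by_mdm": True, "os": "MacOSX"}, "VLAN 11"),
]
FORTINAC_USERS = {"alice"}   # constructed FortiNAC user list


def demo():
    """Constructed host records covering the edge cases; returns mac -> decision."""
    hosts = [
        # Compliant in the MDM but flagged compromised: quarantine outranks placement.
        register_from_mdm("00:11:22:33:44:01", "iOS", "MobileIron",
                          {"compliant": True, "compromised": True, "passcode_enabled": True},
                          "alice", FORTINAC_USERS),
        # Jamf sends a compliance value, but FortiNAC has no Compliant field for Jamf,
        # so it stays None; the MacOSX policy applies and the role is NAC-Default.
        register_from_mdm("00:11:22:33:44:02", "MacOSX", "Jamf",
                          {"compliant": True}, "bob", FORTINAC_USERS),
        # Intune reports non-compliance: remediation VLAN.
        register_from_mdm("00:11:22:33:44:03", "iOS", "MS Intune",
                          {"compliant": False}, "alice", FORTINAC_USERS),
        # Intune, compliant, user unknown to FortiNAC: registered as a device, VLAN 10.
        register_from_mdm("00:11:22:33:44:04", "iOS", "MS Intune",
                          {"compliant": True}, "carol", FORTINAC_USERS),
    ]
    return {h.mac: (select_policy(h, POLICIES), h.user, h.role, h.compliant) for h in hosts}


if __name__ == "__main__":
    for mac, decision in demo().items():
        print(mac, decision)
```

The ordering is the point of the first host: it is compliant in MobileIron but also flagged compromised, so a profile that checks only Compliant would place it on the production VLAN. The Jamf host shows the other trap: a profile that requires Compliant (true or false) can never match a device whose MDM does not report that field, so such devices fall through to whatever policy follows, and a catch-all policy belongs at the bottom of the rank order.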

Proceed to Validate.
