Contributor

Technical Tip: Create event to Alarm Mapping to change host role

Forum|Forum|4 years ago
September 21, 2021
0 replies
1080 views

Description
This article describes how to create event to Alarm Mapping to change host role when role is changed due to compliance policy action changing role.

Related document.
https://docs.fortinet.com/document/fortinac/9.1.0/administration-guide/225131/add-or-modify-alarm-mapping

Solution
When the compliance policy is set up to change the host role, it will not change it back on a rescan.
It is necessary to have an event to Alarm mapping setup to see the event and make the change on the host.

FortiNAC 9.x.

1) Create Mapping in Logs -> Event & Alarms and select 'Mappings'.

2) Select 'Add'.
3) Check 'Enabled' if not already.
4) Trigger Event = Host Passed Security Test.
5) Select other options as necessary.
6) Trigger Rule = One Event to One Alarm.
7) Action = Host Role Action.
- Primary Task = NAC-Default.

8) Select 'Ok'.

FortiNAC 8.x.

1) Create Mapping in Logs and select 'Event to Alarms Mappings'.

2) Select 'Add'.
3) Check Enabled if not already.
4) Trigger Event = Host Passed Security Test.
5) Select other options as necessary.
6) Trigger Rule = One Event to One Alarm.
7) Action = Host Role Action.
- Primary Task = NAC-Default.

8) Select 'OK'.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded