Technical Tip: How to assign a host role using persistent agent auto-registration

Since FortiNAC Persistent Agent auto-registration does not natively provide an option to assign roles, it is commonly observed that Device Profiling Rules are used when role assignment is required. Although this option is not available natively, it is possible to assign roles to hosts by following the steps outlined below using FortiNAC Persistent Agent auto-registration.

1. Configure the FortiNAC Persistent Agent Credential Configuration as shown below.

2. Create a local host group as shown below.

3. Create a Passive Agent rule, and under 'Add to Groups', select the host group that was created in the previous step. 

4. Create a role and add the host group created in the second step into this role, as shown below.

5. When a rogue host establishes a Persistent Agent connection, it will be registered through the Passive Agent rule. Since the host group is selected in the Passive Agent rule, the host will be added to that group. As the same group is also associated with the created role, the host will automatically be assigned the desired role.