Skip to main content
HeretoLearn23
HeretoLearn23
New Member
September 17, 2024
Question

Change a policy a host has by modifying device profile rule

  • September 17, 2024
  • 1 reply
  • 1332 views

Currently have device profile rules not linked to any policy. 

Then changed what host role the device profile rule give in registration settings. 

 

Devices in this group are not updating with the new Role. 

Deleting the device and NAC relearning/profiling to the same rule does then apply the new role. 

 

Is there a more automated way for the devices in a rule to update their role? 

 

Thanks

1 reply

Hatibi
Staff & Editor
Hatibi
Staff & Editor
September 18, 2024
 

Hello @Anonymous_User,

 

you can enable the automatic registration once the device matches the rule and define the role in the rule itself.

 

Profiling_rule.png

    HeretoLearn23
    HeretoLearn23Author
    New Member
    September 18, 2024

    Correct this is enabled. 

    For example I have a rule that had the role 'IOT-External-Only'

    I changed this role to 'IOT-Internal-Access' 

     

    But the devices that were in this rule are still showing the role 'IOT-External-Only' 

    Is there not a way to have them update other than deleting them and NAC reprofiling them?

     

    Thanks

      Hatibi
      Staff & Editor
      Hatibi
      Staff & Editor
      September 18, 2024

      Apparently there is no way to update the host when devices gets the role from the device profiler.

       

      In the device profiling rule there are these options

      "Confirm Device Rule on Connect"

      "Confirm Device Rule on Interval X"

       

      I tried in my lab by changing the role in the device profiling rule and made sure the device rule was reconfirmed from both disconnect/connect and in interval. The role stays the same.

       

      In such case you can do another thing without needing to delete and re-register the hosts.

      Go to Host view and select "Custom Filter"

      Select for "Adapter" category ----> Status=Online 

      Select for "Host" Category --> Role=IOT-External-Only

       

      This will list to you all online devices with the old role.

      Then select all entries and right-click -> "Set Host Role".

       

      You can then set the new "IOT-Internal-Access" role to all those hosts.

       

      Set_bulk_role.png

       

        Terms & ConditionsAccessibility statement