Skip to main content
HeretoLearn23
New Member
April 30, 2024
Question

FortiNAC Device Profile Rules - HTTP/HTTPS

  • April 30, 2024
  • 1 reply
  • 2542 views

Looking to create a Device Profile Rule to use HTTP/HTTPs Methods and having issues with the path requirement. 

Im wanting to do this for printers with a gui.

Here are some examples of what I have tried for paths:

/wcd/spa_main.html

x.x.x.x/wcd/spa_main.html

Underscore.min.js

jquery-ui.min.css

 

Has anyone used this method before and can you please provide me some examples of what I should be looking for?

 

Thank you

1 reply

ebilcari
Staff
Staff
May 1, 2024

The configuration should be simple, open a URL path and checking the content for a specific value to match. The path you provided seems valid "/wcd/spa_main.html" and it can be used.

Are this printers using HTTP or HTTPS? The HTTPS may cause some problem with certificate validation in FNAC if the printers are using their self signed certificates.

Emirjon
HeretoLearn23
New Member
May 1, 2024

It is using https with a self signed cert.

ebilcari
Staff
Staff
May 1, 2024

If that is the case than based on my previous experience, the problem relies on the SAN attribute missing on the printer's self signed certificate. FNAC will not treat it as a valid certificate so it can't proceed loading the page. For testing purposes you can generate a valid certificate and upload it in one of the printers to verify if DPR configurations are done properly.

To get more information you can enable this debug and check live on the logs the reason of failure (maybe is something else):

> nacdebug -name ActiveFingerprint true

> logs

> tf output.nessus

In the end remember to disable the debug:

> nacdebug -name ActiveFingerprint

In case you are running the new FNAC-F you need to "#execute enter" first.

Emirjon