FortiNAC-F
FortiNAC-F is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks. For legacy FortiNAC articles prior to FortiNAC-F 7.2, see FortiNAC.
ltusen
Staff
Article Id 414930
Description This article describes how to perform a bulk delete of rogue devices from the FortiNAC database via the CLI. The FortiNAC command 'client -rog -op delete' deletes all rogue devices from the system. It allows administrators to explicitly delete rogue records that are no longer relevant, so that the database reflects only active/valid devices.
  • Action: Deletes rogue device entries from FortiNAC’s database.
  • This command is critical for maintaining accurate network visibility and preventing stale rogue entries from cluttering the system.
Scope FortiNAC, FortiNAC-F
Solution
  1. Log into the FortiNAC Admin UI and navigate to Users & Hosts -> Hosts. Modify the 'Custom Filter', go to Host, select Type: Rogue and press OK to check the rogue device count:

[Screenshot: Host View Custom Filter]


Note:

All rogue devices (online and offline) should be listed in the Host view search results. The rogue device count is shown in the bottom right corner of the page.

 

In the example output below, only 2 rogue devices are shown:

[Screenshot: Host View Rogues Count]

 

  2. Log into the FortiNAC CLI and execute the command below that matches the version running on the NAC appliance:
     1. On FortiNAC CentOS:

 

client -rog -op delete

 

     2. On FortiNAC-F (NAC-OS):

 

> execute enter-shell

# client -rog -op delete


[Screenshot: client -rog -op delete command]

 

  3. After the previous command has run successfully, the delete operation is shown for each client match found:

 

[Screenshot: client -rog -op delete command completed]

 

  4. After all the rogue devices found have been successfully deleted, the Host view search results will show no rogue devices.
  5. However, rogue devices that are still connected to the network and online will be re-created in the FortiNAC database and will appear again in the Host view. It is therefore recommended to identify them and disconnect them from the network.


[Screenshot: Host view Rogues Result]

 

Related documents:

Evaluating Rogue Hosts 

Re-Profiling Rogues and Assisted Rule Creation