Description
This article describes the cases when the network admin wants to be notified when a new rogue device is presented or tries to connect to the network.
Scope
FortiNAC 9.x.
Solution
It is necessary to enable the desired Events that FortiNAC offers. Some of it can be disabled by default.
Logs -> Events & Alarms [Management], search on the list 'Rogue Connected' and 'Rogue Created' (optional), select and choose 'Log Internal & External' (if it is needed to also forward this event to external log receivers):
On [Mappings] add a new 'Event to Alarm Mapping' to create an Alarm at the desired level of Severity and the option to notify via email or SMS:
The user that is part of the chosen group should have a valid email address in order to receive the email.
After enabling it, it is possible to see the new alarm being shown with the chosen severity:
The same is shown on the list of Events:
The email sent to the admin will contain this information:
To send the email, FortiNAC should have an email service configured in Service Connectors:
