FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
ebilcari
Staff
Article Id 247988
Description

 

This article describes how to notify the network admin when a new rogue device appears on or tries to connect to the network.

 

Scope

 

FortiNAC 9.x.

 

Solution

 

First, enable the desired Events that FortiNAC offers. Some of them may be disabled by default.

 

Go to Logs -> Events & Alarms [Management], search the list for 'Rogue Connected' and, optionally, 'Rogue Created', select them and choose 'Log Internal & External' (if the event also needs to be forwarded to external log receivers):

 

ebilcari_0-1677853355473.png

 

Under [Mappings], add a new 'Event to Alarm Mapping' to create an Alarm at the desired level of Severity, with the option to notify via email or SMS:

 

ebilcari_1-1677853514532.png

 

Each user in the chosen group must have a valid email address in order to receive the email.

 

Once the mapping is enabled, the new alarm is shown with the chosen severity:

 

ebilcari_2-1677853603222.png

 

The same event is shown in the list of Events:

 

ebilcari_3-1677853714453.png

 

The email sent to the admin will contain this information:

 

ebilcari_4-1677853996347.png

 

To send the email, FortiNAC must have an email service configured in Service Connectors:

 

ebilcari_5-1677854311199.png