Description
This article describes some cases where some hosts (IoT or other static systems) that are manually registered need to override the global aging timer set on System -> Settings -> User/Host Management -> Aging [Registered Hosts] to avoid the need for a manual re-registration for these devices. Setting a higher value is practically set to never expire.
Scope
All FortiNAC versions.
Solution
- In Administrative UI, select System -> Groups.
- From the Group view, select Add.
- Enter a Group Name such as 'OT-Group'.
- Select Member Type Host.
- Configure aging properties:
Days Valid: (for example: 9999) / Days Inactive: (for example: 9999). - Enter a Group Description (optional).
- Move these interested hosts to be part of this group.
From the CLI, it is possible to check these timers using the following command for a specific host. These are the timers before the hosts inherit the global aging timers:
> dumphostrecords -mac 00:11:2F:00:00:01
Host Record:
Creation Time = Sun Jun 11 12:07:03 CEST 2023
Expiration Date = Sat Oct 26 16:19:58 CEST 2024
Inactivity = 30 Days
Inactivity Date = Tue Jul 11 12:42:34 CEST 2023
After the user is moved to that group:
> dumphostrecords -mac 00:11:2F:00:00:01
Host Record:
Creation Time = Sun Jun 11 12:07:03 CEST 2023
Expiration Date = Wed Oct 26 12:07:03 CEST 2050
Inactivity = 9999 Days
Inactivity Date = Wed Oct 26 12:42:34 CEST 2050
The same values can also be checked from the GUI: Users & Hosts -> Hosts -> 'Right-click' on the host [Host Properties].
Here these timers can also be set at a host level. These settings will take precedence compared to the Group or global aging timers.
Related article:
