NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
This article describes a change in behavior for Device Profiling rules that use the Active method. Rules with a custom string that filters on hostname no longer match after upgrading to 9.4.2, 9.2.7, 9.1.9 & 7.2.0 or greater.
Reverse DNS lookups were part of the evaluation process for rules configured to use the Active method. These lookups are no longer performed as of versions 9.4.2, 9.2.7, 9.1.9 & 7.2.0 in order to enhance performance.
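This can be verified by running the NMAP scan on an adapter record under Users & Hosts -> Adapters and selecting Run NMAP Scan. The first line of the scan result shows the difference.
With the reverse DNS lookup (earlier versions):
Nmap scan report for <hostname> (<IP address>)
Without the reverse DNS lookup (9.4.2, 9.2.7, 9.1.9 & 7.2.0 and above):
Nmap scan report for <IP address>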
Device Profiling rules using the Active method and matching based on Custom strings containing host names will no longer match.
FortiNAC v9.4.2, 9.2.7, 9.1.9, 7.2.0 and above.
Customers using Active method custom strings should ensure the string does not filter on hostname:
Navigate to Users & Hosts -> Device Profiling Rules.
Double-click the rule.
Under the Methods tab, select the Active tab in the right panel.
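The following added example (not Fortinet code) takes a scan result saved before the upgrade, rewrites its report line to the form produced without the reverse DNS lookup, and lists the custom strings that match only because of the hostname. The scan output and rule strings are constructed, and matching is assumed to be a plain substring comparison, which this article does not specify.

```python
import re

# Report line Nmap prints per target: with a reverse DNS name it is
# "Nmap scan report for <hostname> (<IP address>)", without it "... for <IP address>".
HEADER = re.compile(r"^(Nmap scan report for )(\S+) \(([0-9A-Fa-f.:]+)\)$")


def strip_rdns(scan_output: str) -> str:
    """Rewrite scan output the way it looks when no reverse DNS lookup is done."""
    lines = []
    for line in scan_output.splitlines():
        m = HEADER.match(line)
        lines.append(f"{m.group(1)}{m.group(3)}" if m else line)
    return "\n".join(lines)


def hostname_dependent(custom_strings, scan_output):
    """Return the custom strings that match only while the hostname is present.

    Assumption: a custom string is treated as a case-sensitive substring of
    the scan output; adjust the comparison if your rules match differently.
    """
    after = strip_rdns(scan_output)
    return [s for s in custom_strings if s in scan_output and s not in after]


# Constructed sample scan output (hostname and address are made up).
SAMPLE = """\
Nmap scan report for printer-lab01.example.internal (192.0.2.45)
Host is up (0.0021s latency).
PORT     STATE SERVICE
9100/tcp open  jetdirect
515/tcp  open  printer
"""

# Constructed custom strings standing in for Device Profiling rule filters.
RULE_STRINGS = ["printer-lab01", "9100/tcp open", "example.internal", "jetdirect"]

if __name__ == "__main__":
    for s in hostname_dependent(RULE_STRINGS, SAMPLE):
        print(f"stops matching after upgrade: {s!r}")
```

Strings reported here are the ones to rewrite so that they filter on a port, service or banner value instead of the hostname.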