FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Article Id 269394

 

Description

This article describes a change in behavior for Device Profiling rules that use the Active method. Rules with a custom string that filters on hostname no longer match after upgrading to 9.4.2, 9.2.7, 9.1.9 & 7.2.0 or greater.

 

Reverse DNS lookups were part of the evaluation process for rules configured to use the Active method. These lookups are no longer performed as of versions 9.4.2, 9.2.7, 9.1.9 & 7.2.0 in order to enhance performance.

 

This can be verified by running an NMAP scan on an adapter record: select the record under Users & Hosts -> Adapters and select Run NMAP Scan.

 

Previously:


Nmap scan report for <hostname> (<IP address>)

 

Later versions:


Nmap scan report for <IP address>

 

Device Profiling rules using the Active method and matching based on Custom strings containing host names will no longer match.

Scope

FortiNAC v9.4.2, 9.2.7, 9.1.9, 7.2.0 and above.

Solution

Customers using Active method custom strings should ensure the string does not filter on hostname:

  1. Navigate to Users & Hosts -> Device Profiling Rules.
  2. Double-click the rule.
  3. Under the Methods tab, select the Active tab in the right panel.
  4. Match Custom should be selected.
  5. Change the string so that it does not include the hostname.
  6. Save.
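
Added example, not part of the original article or Fortinet code: a Python script that takes NMAP output captured before the upgrade, rewrites the report line into the post-upgrade form (IP address only) and reports which custom strings stop matching. It assumes the custom string is compared as a plain, case-sensitive substring of the scan output; the function names, the sample scan text and the sample strings are constructed for illustration.

```python
import re

# nmap prints "Nmap scan report for NAME (IP)" when a reverse DNS name was
# resolved, and "Nmap scan report for IP" when no lookup is performed.
REPORT_RE = re.compile(
    r"^(Nmap scan report for )(\S+) \(([0-9A-Fa-f.:]+)\)[ \t]*$", re.M
)

def strip_rdns(scan_text):
    """Rewrite a scan captured with reverse DNS into the IP-only form."""
    return REPORT_RE.sub(r"\1\3", scan_text)

def audit_custom_strings(scan_text, custom_strings):
    """Classify each string by whether it survives the loss of the hostname.

    Assumption: a custom string matches when it is a substring of the output.
    """
    after = strip_rdns(scan_text)
    results = {}
    for s in custom_strings:
        if s in after:
            results[s] = "still-matches"        # does not rely on the hostname
        elif s in scan_text:
            results[s] = "hostname-dependent"   # matched only via the rDNS name
        else:
            results[s] = "never-matched"
    return results

# Constructed sample of pre-upgrade scan output (documentation address range).
SAMPLE_SCAN = """\
Nmap scan report for printer-lab3.example.com (192.0.2.25)
Host is up (0.0020s latency).
PORT     STATE SERVICE
80/tcp   open  http
515/tcp  open  printer
9100/tcp open  jetdirect
"""

if __name__ == "__main__":
    # Constructed custom strings, one per rule being reviewed.
    strings = ["printer-lab3", "9100/tcp open",
               "example.com (192.0.2.25)", "23/tcp open"]
    for s, verdict in audit_custom_strings(SAMPLE_SCAN, strings).items():
        print(f"{verdict:20} {s!r}")
```

Strings reported as hostname-dependent are the ones to rewrite in step 5, for example by matching on an open port or service line instead.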