unknown1020
New Contributor III

Device in FortiNac

Friends, a question: does a "rogue" device mean a device not registered with FortiNAC?

since in Dashboard >> Main >> Endpoint Fingerprints shows information about "Rogue

 

Sheikh
Staff

Hello @unknown1020 

 

As per admin guide, Rogues are those devices that do not match any of the rules enabled in the device profiling rules. You may also have hosts that have been categorized incorrectly.

 

So if you have such hosts then please check EPC policies and other relevant Policies e.g. Network Access policies.

 

You can also right-click the host and check Policy Details and then check EPC Policies status.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
ebilcari
Staff

The definition of rogue in FNAC is a physical address that has been seen on the network but has not been associated with an existing known host and is therefore considered unknown. There are several ways to register hosts, like device profiling, through the web portal, dot1x auto registration through RADIUS information, manual registration, import, etc.

 

In the Endpoint Fingerprints menu you may find all the MAC addresses learned by FNAC and the source of that information. The same MAC address can also be shown multiple times to keep it as a reference when the source is different. There is also the "Set Source Rank" option that shows which Source is considered more "trustworthy" and can override the information.

[Attached image: finberprint.PNG]

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
unknown1020
New Contributor III

Are rogues the devices that do not communicate with FortiNAC, or the unregistered devices? Since the report indicates "last communication".

ebilcari

Every host/device needs to communicate with FNAC even when they are isolated through FNAC's isolation interface for different reasons:

Rogue - will have to be classified (active mode)

At-Risk - needs to be remediated and update their compliance status

Authentication - user needs to authenticate

Dead-end - (optional) only to show the portal and notify the end host

- Emirjon
unknown1020
New Contributor III

In FortiNAC, is it possible to generate a report with the exclusions that have been made on the device in FortiNAC?

ebilcari

The built-in reports are a bit limited now in FNAC since the FNAC Analytics Reporting got discontinued in 2019; now FortiAnalyzer is needed for generating reports. More info can be found in this section of the Administration Guide. Current built-in reports are:

[Attached image: reports.PNG]

- Emirjon