Hello everyone.
I have a question regarding the status of some hosts in FortiNAC that are showing as "Disabled Online". I have already checked the settings to find out the reason, but so far I have not been able to find the cause and resolve the issue. Has anyone else experienced this? If so, can you share what was done to resolve the issue?
Thank you for your attention.
Hi
From the menu Users & Hosts > Hosts, try right-clicking the host, then click Enable Host.
Also try to see what happened by clicking the menu items Show Events and Show Audit Log.
Hi,
I had already performed this procedure, but after a while the device returned to showing as online disabled.
Regarding the Show Events and Audit Log options, everything seems to be fine.
Thank you for your attention and information.
The device has probably been automatically disabled by some event.
Check under the following:
You may find there an action like "Disable Host" that has been configured under some conditions. This may be the cause.
Normally, if there is a configuration in place that disables the hosts, they should also be isolated. Some details are shown in this article: Technical Tip: Configuring Dead End as Enforcement
In addition to Event mapping, the hosts may also be disabled by Device profiling rules which have the 'Rule Confirmation Settings' configured, or if the user is disabled (see Technical Tip: Disable user account in AD LDAP).
Dear all, I appreciate your feedback regarding the situation highlighted. However, I am still looking for a solution, as in the NAC some devices appear with "online disabled" status even though they are operational and registered.
Did you find any recorded actions while r-clicking the host and checking 'Show Events' and 'Show Audit Log'?
Are the affected hosts registered to a user, if yes are these users valid and enabled?
Do these hosts have a Persistent Agent installed and are they being regularly scanned (Override Scan Result Actions)?
Created on 07-23-2025 12:26 PM Edited on 07-23-2025 12:27 PM
Did you find any recorded actions while r-clicking the host and checking 'Show Events' and 'Show Audit Log'?
Show Events -> "Device Rule Confirmation Success".
Show Audit Log -> No history.
Are the affected hosts registered to a user, if yes are these users valid and enabled?
R- Not.
Do these hosts have a Persistent Agent installed and are they being regularly scanned (Override Scan Result Actions)?
A- Yes.
Since there is an Event for DPR re-confirmation, you can check whether the rule that matches this host has the option 'Disable Device If Rule No Longer Matches Device' selected, details below: