Hello,
did anybody solved next problem, please ?
When FortiNAC detects device whch is not compliant, it has configured action; in our case it is disable port, send email; with release port after some time (5 minutes), recheck device
if non compliancy is not false positive, it send email every time; but it would be nice to send second and each next email to another set of email addresses (due to automatic creation of cases in ticketing system)
is there any possibility how to treat it with scripting ?
Best regards,
Petr
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @podvarka
I don't have direct response for your case but I think the more natural way is to put a non compliant device in remediation (instead of shutdown port) so it can download patches, updates, or anything that helps making it compliant again.
Hello aek,
agree that in some cases putting non compliant device in remediation is better solution. But in others is better to shut down port and block device from access to network.
Petr
Technically it can be done but the script should contain the logic to remember the first request and to send the email only after being called for the second action. The tool that can be used to send the email from the script is sendemail:
> sendemail -subject 'mail test' -to 'gimi@eb.eu' -message 'This is a mail test.'
...
250 Ok
DEBUG SMTP: message successfully delivered to mail server
QUIT
221 bye
Connected to 10.1.1.10 on port 25
Sent email to gimi@eb.eu
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.