Looking to create a Device Profile Rule to use HTTP/HTTPs Methods and having issues with the path requirement.
Im wanting to do this for printers with a gui.
Here are some examples of what I have tried for paths:
/wcd/spa_main.html
x.x.x.x/wcd/spa_main.html
Underscore.min.js
jquery-ui.min.css
Has anyone used this method before and can you please provide me some examples of what I should be looking for?
Thank you
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The configuration should be simple, open a URL path and checking the content for a specific value to match. The path you provided seems valid "/wcd/spa_main.html" and it can be used.
Are this printers using HTTP or HTTPS? The HTTPS may cause some problem with certificate validation in FNAC if the printers are using their self signed certificates.
It is using https with a self signed cert.
If that is the case than based on my previous experience, the problem relies on the SAN attribute missing on the printer's self signed certificate. FNAC will not treat it as a valid certificate so it can't proceed loading the page. For testing purposes you can generate a valid certificate and upload it in one of the printers to verify if DPR configurations are done properly.
To get more information you can enable this debug and check live on the logs the reason of failure (maybe is something else):
> nacdebug -name ActiveFingerprint true
> logs
> tf output.nessus
In the end remember to disable the debug:
> nacdebug -name ActiveFingerprint
In case you are running the new FNAC-F you need to "#execute enter" first.
On the output.nessus you should see similar output:
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:830 :: #66 :: rule = Rule1 isEnabled = true
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:834 :: #66 :: Criteria unsatisfied. Putting back on queue. rule = Rule12, mac = 00:24:xx:xx:xx:xx
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:917 :: #66 :: performScans() rule = Rule2 mac = 00:24:xx:xx:xx:xx
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:423 :: #66 :: Rule does not match: Rule2-Name 00:24:xx:xx:xx:xx <--MAC of the host
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:423 :: #66 :: Rule does not match:Rule3-Name 00:24:xx:xx:xx:xx <--MAC of the host
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:423 :: #66 :: rule = Rule3 isEnabled = true
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:423 :: #66 :: performScans() rule = Rule3-Name mac = 00:24:xx:xx:xx:xx <--MAC of the host
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:032 :: #66 :: performScan(Rule3-Name) Method (Method used) matches data previously collected
yams.ActiveFingerprint FINER :: 2024-MM-DD HH:MM:SS:032 :: #66 :: Rule matches: Rule3-Name 00:24:xx:xx:xx:xx [Fingerprint [dbid=null, source=xxx , physAddress=00:24:xx:xx:xx:xx, ipAddress=172.xxxx, hostName=null, entityTag=null, os=null, createTime=null, lastHeardTime=null, attributes={....}]]
If there are busy logs you can filter by MAC:
> logs
> tf output.nessus | egrep -i "xx:xx:xx:xx:xx:xx|xx-xx-xx-xx-xx-xx" <-- replace xx:xx:xx:xx:xx:xx with host MAC
BR
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1517 | |
1013 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.