I am using FortiNAC-F version 7.2 and have the following issue. A user joins the network using the Persistent Agent and obtains an IP address from the relevant VLAN, to which the necessary policies are applied. However, when the user removes the Persistent Agent, instead of being moved to quarantine, they continue to obtain an IP address from the same VLAN.
There is no built-in procedure to isolate hosts that suddenly no longer have a communicating agent. A UHP can be created with a condition that checks the agent communication status, but this will take effect only after a policy evaluation is triggered for that host.
To achieve quicker results, you can create an Event Mapping that immediately changes the host status to 'At-Risk' as soon as the event is received (the default is 300 seconds):
I created a rule, as shown in the image, from the User/Host Profiles tab. However, now it keeps going into quarantine even though it has an agent. It automatically fixes itself after 2-3 minutes, then goes back into quarantine. It keeps disconnecting even though it has a Persistent Agent connection.
Based on the described behavior, I guess the agent can communicate when in isolation and can't communicate when in the prod VLAN. You can confirm with tcpdump.
First, I checked this. The agent can communicate on both the quarantine VLAN and the production VLAN. However, even though there are no obstacles on the production VLAN, the instantaneous flow is interrupted and it goes into quarantine. The moment I added the agent connection check from the Network Access menu, the query fires almost once a minute.
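The two failure modes in this thread (an agent that genuinely stopped reporting, versus an agent that keeps losing and regaining contact on the production VLAN) look the same to an Event Mapping that flips a host to 'At-Risk' on every lost-contact event. The following script is an added example, not FortiNAC code or anything from the participants above; it shows how to tell the two cases apart from a timeline of agent-contact events before trusting an automatic quarantine rule. The event-line format, the host names, the 900-second look-back window and the flap threshold are all constructed assumptions; only the 300-second agent timeout comes from the thread.

```python
"""Agent-contact timeline analysis (added example, not FortiNAC's own code).

Assumptions (hypothetical, labelled):
- Each input line is '<epoch> <host> <event>', where <event> is
  'agent-contact' or 'agent-lost'. This is a constructed format and does
  not reproduce FortiNAC's real event log.
- AGENT_TIMEOUT mirrors the 300-second default mentioned in the thread;
  FLAP_WINDOW and FLAP_THRESHOLD are arbitrary tuning values.
"""
from collections import defaultdict

AGENT_TIMEOUT = 300   # seconds without agent contact before a host counts as silent (from thread)
FLAP_WINDOW = 900     # look-back window for counting lost/regained cycles (assumption)
FLAP_THRESHOLD = 2    # more cycles than this inside the window means the host is flapping (assumption)

# Constructed sample, not real FortiNAC output.
SAMPLE_EVENTS = [
    "# <epoch> <host> <event>",
    "0 laptop-01 agent-contact",      # healthy host, regular check-ins
    "300 laptop-01 agent-contact",
    "600 laptop-01 agent-contact",
    "840 laptop-01 agent-contact",
    "0 laptop-02 agent-contact",      # flapping host: loses and regains contact repeatedly
    "90 laptop-02 agent-lost",
    "240 laptop-02 agent-contact",
    "330 laptop-02 agent-lost",
    "480 laptop-02 agent-contact",
    "570 laptop-02 agent-lost",
    "720 laptop-02 agent-contact",
    "0 laptop-03 agent-contact",      # agent removed: no contact after t=60
    "60 laptop-03 agent-contact",
]


def parse_events(lines):
    """Turn raw lines into sorted (timestamp, host, event) tuples, skipping comments."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, host, event = line.split()
        events.append((int(ts), host, event))
    events.sort()
    return events


def silent_hosts(events, now, timeout=AGENT_TIMEOUT):
    """Hosts whose most recent agent-contact is older than `timeout` at time `now`."""
    last_seen = {}
    for ts, host, event in events:
        if event == "agent-contact":
            last_seen[host] = ts
    return sorted(h for h, ts in last_seen.items() if now - ts > timeout)


def flapping_hosts(events, now, window=FLAP_WINDOW, threshold=FLAP_THRESHOLD):
    """Hosts that lost and regained agent contact more than `threshold` times in the window."""
    cycles = defaultdict(int)
    lost = defaultdict(bool)  # True while the host is in the agent-lost state
    for ts, host, event in events:
        if now - ts > window:
            continue
        if event == "agent-lost":
            lost[host] = True
        elif event == "agent-contact" and lost[host]:
            lost[host] = False
            cycles[host] += 1
    return {h: n for h, n in cycles.items() if n > threshold}


def classify(events, now):
    """Split hosts into those safe to mark At-Risk and those whose connectivity needs a look first."""
    flapping = flapping_hosts(events, now)
    silent = [h for h in silent_hosts(events, now) if h not in flapping]
    return {"quarantine_candidates": silent, "investigate_connectivity": sorted(flapping)}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print(classify(evs, now=900))
```

A host in `investigate_connectivity` is the situation described above: the agent is present but its traffic to the FortiNAC server is being interrupted, so an Event Mapping that reacts to each lost-contact event will bounce it between quarantine and production. Fixing the path on the production VLAN (and confirming it with tcpdump, as suggested earlier) is the right move there; only hosts in `quarantine_candidates` have actually gone quiet for longer than the agent timeout.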