Hello,
Is it recommended to set up 802.1x with persistent agent for authentication & registration with dot1x and scan safe/at risk/rogue with persistent agent?
Regards!
Hey,
From a security standpoint, combining 802.1x with a persistent agent for additional endpoint scanning seems like a solid approach to me. You're essentially layering your security, which is generally a good practice. The 802.1x handles the network-level authentication, while the persistent agent can do more in-depth scans for risk assessment.
However, you'll want to consider the overhead and potential for conflicts. Persistent agents can sometimes interfere with system operations or create false positives that could lead to legitimate devices being blocked. Also, if the agent crashes or has a vulnerability, it could potentially open up a new attack surface.
If you can test this setup in a lab environment first, I'd definitely recommend doing so. Keep an eye on resource usage, conflict with other software, and overall system stability. Also, consider the user experience—additional security layers can sometimes create more hoops for users to jump through, so you'll want to balance security with usability.
Would love to hear other opinions on this as well.
Cheers,
Ahmad
In addition to this, Persistent Agent is stable if it's properly configured :)
I would mention that as a starting point you can use it for visibility only (not enforcing Forced Remediation) at port/SSID Group Membership. In this way it will not affect your network until you get familiar with it and then start enforcing it.
Endpoint Compliance Policies (Scans) can also be configured in Audit Only or Delayed. This will allow the administrator to have more time to evaluate and remediate the hosts before they are put in isolation for "At-Risk" issues.
If Audit Only is enabled, the host is scanned and the information associated with the scan is recorded. If the host fails the scan, it is not marked "at risk". Therefore, it is not forced into Remediation and can continue using the network. The administrator can review the scan results and take corrective action without disrupting users on the network.
If Delayed is enabled, hosts who fail this scan are set to Pending at Risk for the number of days indicated in the Remediation Delay field. Hosts set to Pending at Risk are not placed in remediation until the number of days indicated has elapsed.
More information can be read in the Agent deployment guide.
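The three Endpoint Compliance Policy behaviours described in the reply above (enforce immediately, Audit Only, Delayed with a Remediation Delay) can be modelled as a small state machine. The script below is an added illustration, not FortiNAC code or anything from the agent deployment guide: the enum names, the `HostRecord` fields, the host name and the scan dates are all constructed, and the day-counting rule (a host becomes At Risk once the configured number of days has elapsed since its first failing scan) is an assumption taken from the wording of the post.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from enum import Enum
from typing import List, Optional, Tuple


class PolicyMode(Enum):
    ENFORCE = "enforce"        # failing host is marked At Risk and isolated right away
    AUDIT_ONLY = "audit_only"  # failure is recorded only; host keeps network access
    DELAYED = "delayed"        # failing host is Pending at Risk, isolated after the delay


class HostState(Enum):
    SAFE = "safe"
    PENDING_AT_RISK = "pending_at_risk"
    AT_RISK = "at_risk"  # forced into remediation (isolation)


@dataclass
class Policy:
    mode: PolicyMode
    remediation_delay_days: int = 0  # stands in for the "Remediation Delay" field; DELAYED only


@dataclass
class HostRecord:
    host: str
    state: HostState = HostState.SAFE
    pending_since: Optional[date] = None  # day the first failing scan was seen
    # Constructed stand-in for the recorded scan information (date, result).
    audit_log: List[Tuple[str, str]] = field(default_factory=list)


def apply_scan(record: HostRecord, passed: bool, policy: Policy, today: date) -> HostRecord:
    """Update one host's compliance state after a scan (hypothetical model)."""
    # Every scan is recorded, whatever the mode; this is what Audit Only relies on.
    record.audit_log.append((today.isoformat(), "pass" if passed else "fail"))

    if passed:
        # A passing scan clears any pending or enforced state.
        record.state = HostState.SAFE
        record.pending_since = None
        return record

    if policy.mode is PolicyMode.AUDIT_ONLY:
        # Failure is logged but the host is never marked At Risk, so no remediation.
        record.state = HostState.SAFE
        return record

    if policy.mode is PolicyMode.ENFORCE:
        record.state = HostState.AT_RISK
        return record

    # DELAYED: start the clock on the first failure, isolate once the delay has elapsed.
    if record.pending_since is None:
        record.pending_since = today
    deadline = record.pending_since + timedelta(days=policy.remediation_delay_days)
    record.state = HostState.AT_RISK if today >= deadline else HostState.PENDING_AT_RISK
    return record


def simulate(results: List[bool], policy: Policy, start: date = date(2024, 1, 1)) -> List[str]:
    """Feed one scan result per day (constructed input) and return the state after each scan."""
    record = HostRecord(host="lab-host-01")  # constructed host name
    states = []
    for offset, passed in enumerate(results):
        apply_scan(record, passed, policy, start + timedelta(days=offset))
        states.append(record.state.value)
    return states


if __name__ == "__main__":
    delayed = Policy(PolicyMode.DELAYED, remediation_delay_days=3)
    # Four failing scans, then a pass: three days Pending at Risk, isolation on day four, cleared on day five.
    print(simulate([False, False, False, False, True], delayed))
    print(simulate([False, False], Policy(PolicyMode.AUDIT_ONLY)))
    print(simulate([False, True], Policy(PolicyMode.ENFORCE)))
```

Running the three simulations side by side makes the operational difference visible: under Audit Only a host that fails every day never leaves the `safe` state, under Delayed it is `pending_at_risk` until the delay has elapsed and only then `at_risk`, and under immediate enforcement the first failure isolates it. The `audit_log` on each record is what an administrator would review during the visibility-only phase before turning enforcement on.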