Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

Created on ‎10-26-2023 08:44 AM Edited on ‎10-30-2023 01:43 PM

Device in FortiNac

Friends, a question, does a "rogue" device mean a device not registered with Fortinac?

since in Dashboard >> Main >> Endpoint Fingerprints shows information about "Rogue

 

Labels:
701
0 Kudos
6 REPLIES 6
Sheikh
Staff
Staff

Created on ‎10-26-2023 11:30 AM

Hello @unknown1020 

 

As per admin guide, Rogues are those devices that do not match any of the rules enabled in the device profiling rules. You may also have hosts that have been categorized incorrectly.

 

So if you have such hosts then please check EPC policies and other relevant Policies e.g. Network Access policies.

 

You can also right click the host and check Policy Details anf then check EPC Policies status.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
688
ebilcari
Staff
Staff

Created on ‎10-27-2023 07:13 AM

The definition of rouge in FNAC is a physical address that has been seen on the network but has not been associated with an existing known host and is therefore considered unknown. There are several ways to register hosts like Device profiling, through web portal, dot1x auto registration through RADIUS information, manual registration, import etc.

 

In the Endpoint Fingerprints menu you may find all the MAC addresses learned by FNAC and the source of that information. Same MAC address can also be shown multiple times to keep it as a reference when the source is different. There is also the "Set Source Rank" option that shows which Source is considered more "trustworthy" than can override the information.

finberprint.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
654
unknown1020
New Contributor III
In response to ebilcari

Created on ‎10-30-2023 12:10 PM

Rogue are the device that do not communicate with the fortinac or the unregistered device? Since the report indicates "last communication"

623
0 Kudos
ebilcari
Staff
Staff
In response to unknown1020

Created on ‎10-31-2023 01:01 AM

Every host/device need to communicate with FNAC even when they are isolated through FNAC's isolation interface for different reasons:

Rouge - will have to be classified (active mode)

At-Risk - need to be remediated and update their compliance status

Authentication - user need to authenticate

Dead-end - (optional) only to show the portal and notify the end host

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
605
unknown1020
New Contributor III
In response to ebilcari

Created on ‎10-31-2023 03:05 AM

In Fortinac, is it possible to generate a report with the exclusions that have been made on the device in the fortinac?

599
0 Kudos
ebilcari
Staff
Staff
In response to unknown1020

Created on ‎10-31-2023 04:43 AM

The built-in reports are a bit limited now in FNAC since the FNAC Analytics Reporting got discontinued in 2019, now FortiAnalyzer is needed for generating reports. More info can be found on this section of Administration Guide. Current built in reports are:

reports.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
595
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.