Technical Tip: How to find Rogue devices in a network via FortiNAC GUI console

Sheikh · ‎11-02-2023

Description

This article describes how to find Rogue devices in a network managed by FortiNAC.

To keep track of the devices connected to a network, it is sometimes necessary to find Rogue devices.

This helps to tighten network security policies and see which hosts/devices are connected or trying to connect to the network.
This could be very useful, especially on a wireless network or when the employees or contractors bring their own devices to connect to the network.
Sometimes when performing network audits, it is mandatory to see the rogue devices on the network.

Scope

FortiNAC.

Solution

Login to the FortiNAC GUI console and expand 'Users & Hosts' on the left-hand side and select 'Hosts'.

Hosts View.png

In the right-hand view, all the hosts/devices will be shown.
On the right-hand side, select 'Quick Search' in the middle and select '+ Create ' to create a filter.
Enter the Filter Name, select Private or Shared, and select 'OK'.

Create Filter.png

After selecting 'OK', another window comes, where it is possible to select criteria. Select Host.

Criteria -1.png

Criteria -2.png

At the bottom, select Type, select Rogue from the list, and select OK.
A filter will be created with the name of Rogue.
It is now possible to see all the hosts/devices that are not registered and their type is Rogue.

Rogue Hosts - Criteria.png

This filter will be saved in the list so that it is possible to use it in the future.