Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
amacchiaverna
Staff
Staff

Created on ‎09-21-2021 04:08 AM

Article Id 194328

Technical Tip: Create event to Alarm Mapping to change host role

Description
This article describes how to create event to Alarm Mapping to change host role when role is changed due to compliance policy action changing role.

Related document.
https://docs.fortinet.com/document/fortinac/9.1.0/administration-guide/225131/add-or-modify-alarm-ma...

Solution
When the compliance policy is set up to change the host role, it will not change it back on a rescan. 
It is necessary to have an event to Alarm mapping setup to see the event and make the change on the host.

FortiNAC 9.x.

1) Create Mapping in Logs -> Event & Alarms  and select 'Mappings'.





2) Select 'Add'.
3) Check 'Enabled' if not already.
4) Trigger Event = Host Passed Security Test.
5) Select other options as necessary.
6) Trigger Rule = One Event to One Alarm.
7) Action = Host Role Action.
- Primary Task = NAC-Default.




8) Select 'Ok'.

FortiNAC 8.x.

1) Create Mapping in Logs and select 'Event to Alarms Mappings'.




2) Select 'Add'.
3) Check Enabled if not already.
4) Trigger Event = Host Passed Security Test.
5) Select other options as necessary.
6) Trigger Rule = One Event to One Alarm.
7) Action = Host Role Action.
- Primary Task = NAC-Default.





8) Select 'OK'.

345
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.