Description
This article describes how to create an Event to Alarm Mapping that changes the host role after a compliance policy action has changed the role.
Related document:
https://docs.fortinet.com/document/fortinac/9.1.0/administration-guide/225131/add-or-modify-alarm-ma...
Solution
When a compliance policy is set up to change the host role, it will not change the role back on a rescan.
An Event to Alarm Mapping must be set up to see the event and make the change on the host.
FortiNAC 9.x.
1) Create Mapping in Logs -> Event & Alarms and select 'Mappings'.
2) Select 'Add'.
3) Check 'Enabled' if not already.
4) Trigger Event = Host Passed Security Test.
5) Select other options as necessary.
6) Trigger Rule = One Event to One Alarm.
7) Action = Host Role Action.
- Primary Task = NAC-Default.
8) Select 'Ok'.
FortiNAC 8.x.
1) Create Mapping in Logs and select 'Event to Alarms Mappings'.
2) Select 'Add'.
3) Check 'Enabled' if not already.
4) Trigger Event = Host Passed Security Test.
5) Select other options as necessary.
6) Trigger Rule = One Event to One Alarm.
7) Action = Host Role Action.
- Primary Task = NAC-Default.
8) Select 'OK'.