FortiNAC. Lightspeed Single Sign-On Integration. Version: 8.x Date: 8/29/2018. Rev: B


Contents

Lightspeed Integration Overview
  Lightspeed RADIUS Accounting Implementation
Add Lightspeed Single Sign-On Pingable
Enable And Disable Events
  Events For The System
  Events For A Specific Group
Add or Modify Alarm Mapping

Lightspeed Integration Overview

FortiNAC provides integration with Lightspeed. FortiNAC can send user information to the Lightspeed Single Sign-On Agent via RADIUS accounting packets. When the Lightspeed Single Sign-On Agent is configured in FortiNAC as a pingable device, FortiNAC sends a RADIUS Accounting Start message to Lightspeed each time a host connects to the network. This message includes the User ID and IP Address, which identify the user to Lightspeed and allow it to apply user-specific policies. See the implementation overview below for requirements.

Lightspeed RADIUS Accounting Implementation

Lightspeed Single Sign-On Agent

- Lightspeed supports the ability to receive RADIUS Accounting packets and use the RADIUS Attribute Value Pairs (AVP) as a source of authentication information. Refer to Fortinet documentation for detailed information about configuring FortiNAC as a source of RADIUS Accounting messages.
- Enable the Lightspeed Single Sign-On Agent as an authentication type.
- Under RADIUS Accounting, add the FortiNAC Server or Control Server as the source of the RADIUS Accounting Start messages. Use the IP Address of eth0.
- Make sure that the RADIUS secret used in Lightspeed and the secret added in FortiNAC for Lightspeed are the same.

FortiNAC

- Model the Lightspeed Single Sign-On Agent in the Topology view. See Add Lightspeed Single Sign-On Pingable for detailed instructions.
- In Event Management, the event Communication Lost With RADIUS SSO Agent is automatically enabled. This event is generated when the RADIUS SSO Agent cannot be reached. While the agent is unreachable, it is not notified when hosts connect to the network, so policies may not be applied. See Enable And Disable Events to disable the event if necessary.
- In Alarm Mapping, you can map the Communication Lost With RADIUS SSO Agent event to an alarm if you wish to be notified when FortiNAC and the RADIUS SSO Agent are no longer communicating. See Add or Modify Alarm Mapping.
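The requirement that both sides hold the same RADIUS secret follows from how an Accounting-Request is authenticated. The sketch below is an added example, not Fortinet or Lightspeed code: it builds an Accounting Start per RFC 2866 and verifies it the way a receiver would. Carrying the User ID in User-Name and the host address in Framed-IP-Address is an assumption, and all sample values are constructed.

```python
import hashlib
import hmac
import ipaddress
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code for Accounting-Request (RFC 2866)
USER_NAME, NAS_IP_ADDRESS, FRAMED_IP_ADDRESS = 1, 4, 8
ACCT_STATUS_TYPE, ACCT_SESSION_ID = 40, 44
ACCT_START = 1


def attribute(attr_type, value):
    """Encode one AVP: type, length (2-octet header included), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def request_authenticator(header, attrs, secret):
    # RFC 2866: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_accounting_start(secret, ident, user, host_ip, nas_ip, session_id):
    """Sender side: the message emitted when a host connects."""
    attrs = b"".join([
        attribute(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START)),
        attribute(USER_NAME, user.encode()),  # assumed carrier of the User ID
        attribute(FRAMED_IP_ADDRESS, ipaddress.IPv4Address(host_ip).packed),
        attribute(NAS_IP_ADDRESS, ipaddress.IPv4Address(nas_ip).packed),
        attribute(ACCT_SESSION_ID, session_id.encode()),
    ])
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + request_authenticator(header, attrs, secret) + attrs


def verify_and_parse(packet, secret):
    """Receiver side: return {attribute type: value}, or None if rejected."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length != len(packet):
        return None
    attrs = packet[20:]
    expected = request_authenticator(packet[:4], attrs, secret)
    if not hmac.compare_digest(expected, packet[4:20]):
        return None  # secrets differ, or the packet was altered in transit
    parsed, pos = {}, 0
    while pos + 2 <= len(attrs):
        attr_type, attr_len = attrs[pos], attrs[pos + 1]
        if attr_len < 2 or pos + attr_len > len(attrs):
            return None  # malformed attribute length
        parsed[attr_type] = attrs[pos + 2:pos + attr_len]
        pos += attr_len
    return parsed if pos == len(attrs) else None


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    pkt = build_accounting_start(b"constructed-shared-secret", 7, "jdoe",
                                 "10.20.30.40", "192.0.2.10", "sess-0001")
    print(verify_and_parse(pkt, b"constructed-shared-secret"))
    print(verify_and_parse(pkt, b"mismatched-secret"))
```

The authenticator only proves that the sender knows the secret and that the packet is unmodified; the user name and IP address themselves travel unencrypted.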

Add Lightspeed Single Sign-On Pingable

Figure 1: Add Pingable - Lightspeed Single Sign-On Agent

Use the Add Pingable Device option to add hubs, IPS/IDS, printers, servers, wireless access points and other pingable devices to a container. The Physical Address (MAC) is required when creating pingable devices if the IP to MAC cannot be resolved when the ARP tables are read.

1. Click Network Devices > Topology.
2. Select the Container icon.
3. Right-click a container and select Add Pingable Device or select the pingable from the list of devices in the container.
4. From the drop-down menu select the Container where this device will be stored. You can use the icon next to the Container field to add a new Container.

5. Use the tables of field definitions below to create or modify the pingable device.
6. Click OK.

Elements Tab - Field Definitions

Device Name: User specified name for the Lightspeed Single Sign-On Agent.
IP Address: IP address of the agent.
Physical Address: MAC address of the agent.
Add to Container: FortiNAC domain that will contain this device.
Device Type: List of types of devices that can be added as pingable devices in FortiNAC. For this configuration select Server.
Incoming Events: Leave the Incoming Events as Not Applicable.
SSO Agent: Select RADIUS.
RADIUS Accounting Port: Port on the Lightspeed Single Sign-On Agent configured to receive RADIUS Accounting messages from external devices. This port must match the port configured in Lightspeed. Type 1813.
RADIUS Secret: Type the RADIUS secret that is used on the Lightspeed server.
Role: The Role for this device. Available roles appear in the drop-down list.
Description: Description of the device entered by the Administrator.
Note: User specified notes about the device.
Contact Status Polling: Enable or disable contact status polling for the selected device.

Details Tab Field Definitions

Machine Name: Name of the device.
Department: Name of the department.
Owner: Name of the owner of the device.
Administrative Contact: Administrative contact person for the device.
Geographical Location: Geographical location of the device (for example, Res Hall A, Equipment Closet 1st Floor, Rack 2, Unit 3).
Business Purpose: Business purpose of the device.
BOOTP Address: IP address for the BOOTP Protocol.
Print Queue: Name of the print queue for the device.

Enable And Disable Events

Use the Event Management window to select which events will be logged.

Events For The System

1. Click Logs > Event Management. The Event Management view appears.
2. Use the Filters to locate the appropriate event. Refer to Event Management for Filter field definitions.
3. To enable an event, select one or more events and click the Options button. Select one of the following:
   a. Internal: Logs only to an internal events database.
   b. External: Logs only to an external host.
   c. Internal & External: Logs both to an internal events database and an external host.
   Note: Any event that is logged is enabled.
4. To disable an event, select one or more events and click the Options button. Select Disable Logging.

Note: To log events on an external log host, you must first add the log host to FortiNAC. See Log Events To An External Log Host for instructions.

Events For A Specific Group

Logging events for a specific group limits the number of times the event is generated. The event will only be generated for members of the selected group.

1. Click Logs > Event Management. The Event Management view appears.
2. Use the Filters to locate the appropriate event. Refer to Event Management for Filter field definitions.
3. Select one or more events and click the Options button. Choose one of the logging options to enable the event.
4. Click the Modify Group button.
5. Click in the Group drop-down box and select the Group for which this event will be enabled.
6. Click OK.

Add or Modify Alarm Mapping

Figure 2: Add Mapping

1. Select Logs > Event to Alarm Mappings.
2. Click Add or double-click on an existing mapping to modify it.
3. Refer to the field definitions table below for detailed information about each field.
4. The new mapping is enabled by default. If you wish to disable it, remove the check mark from the Enabled check box.
5. In the Apply To section, select the element affected by this mapping. You can apply mappings to all elements, a single group of elements, or specific elements.
   Note: Available selections vary depending upon the selected Trigger Event.
6. Click the box and select an element from the drop-down list.
7. If you choose to Apply To a Group, you can select a group from the list or use the icons next to the group field to add a new group or modify the group shown in the drop-down list. Note that if you modify a group, it is modified for all features that make use of that group. See Add Groups for additional information.
8. Select the Notify Users settings.
9. If you choose to Notify Users, you can select an Admin Group from the list or use the icons next to the Group field to add a new group or modify the group shown in the drop-down list. Note that if you modify a group, it is modified for all features that make use of that group. See Add Groups for additional information.
10. Select the Trigger Rule for the event from the drop-down list. Rules determine when an Event triggers the creation of an Alarm.
11. If you enable the Action option, select the Action to take when the event occurs and the alarm is asserted. These are basic actions that FortiNAC executes on a given alarm.
12. Action parameters display. Select the Primary Task from the drop-down list.
13. For some actions there is a secondary task. If desired, click the Enable box in the Run Secondary Task section, select Min, Hr, or Day and enter the corresponding value.
14. Click OK. The new mapping is saved and appears in the Event/Alarm Map View.

Table 1: Add/Modify Alarm Mapping Field Definitions

Alarm Definition

Enabled: If checked, the alarm mapping is enabled. Default = Enabled.

Trigger Event: Event that causes the alarm. Whenever this event occurs, its associated alarm is generated. The alarm is automatically listed when you select the event.
Alarm to Assert: The alarm generated when the event occurs.
Severity: Sets the severity of the alarm. Select one of the values from the drop-down list: Critical, Informational, Minor, and Warning. This value may be changed for existing Alarm and Event mappings.
Clear on Event: To automatically clear the alarm when a specific event occurs, select this check box. Select the event that, when generated, causes this alarm to be removed. If you leave the check box unchecked, you must manually clear the alarm. Default = Unchecked (Disabled)
Send Alarm to External Log Hosts: To send the alarm to an external log host when the trigger event occurs, select this check box. See Properties Log Hosts for details on configuring an external log host. Default = Unchecked (Disabled)
Send Alarm to Custom Script: You can specify a particular command line script to be executed when this alarm is triggered. These command line scripts are for advanced use, such as administrator-created Perl scripts. First, write the script that is to be used as the alarm action. Store the script in this directory: /home/cm/scripts. If there are no scripts in the directory, this field is not available. Click the check box to enable the option and select the correct script from the drop-down list. The arguments that are automatically passed to the script are as follows:
    type: EndStation, User or Network Device
    name: name of element
    ip: IP address
    mac: MAC address
    user: userid
    msg: email message from alarm

Apply To

All: Applies this mapping to all elements.
Group: Applies this mapping to a single group of elements.
Specific: Applies this mapping to the element that you select from a list.

Notify Users

Notify: If checked, the administrators in the selected group are notified when an alarm occurs.
Send Email: If checked, the administrators in the selected group are sent an email when the alarm occurs. Administrators must have an email address configured in the Modify User dialog to receive this email.

Send SMS: If checked, the administrators in the selected group are sent an SMS message when an alarm occurs. Administrators must have a Mobile Number and Mobile Provider configured to receive this SMS message.

Trigger Rules

One Event to One Alarm: Every occurrence of the event generates a unique alarm.
All Events to One Alarm: The first occurrence of the event generates a unique alarm. Each subsequent occurrence of the event does not generate an alarm, as long as the alarm persists when subsequent events occur. When the alarm clears, the next occurrence of the event generates another unique alarm.
Event Frequency: The number of the occurrences of the event generated by the same element within a user specified amount of time determines the generation of a unique alarm. Settings are updated when the Action is configured.
    Example: Assume the Host Connected event is mapped to an alarm and the frequency is set to 3 times in 10 minutes.
    - Host A connects 3 times in 10 minutes and the alarm is triggered.
    - Host A connects 2 times and host B connects 2 times, so there are 4 connections in 10 minutes. No alarm is generated because the hosts are different.
    - Host A connects at minutes 1, 8 and 12. No alarm is triggered because the host did not connect 3 times in 10 minutes.
    - Host A connects at minutes 1, 8, 12, and 14. An alarm is triggered because connections at minutes 8, 12 and 14 fall within the 10 minute sliding window.
Event Lifetime: The duration of an alarm event without a clearing event within a specified time determines the generation of a unique alarm.
    Example: Event A occurs. If Event B (clear event) does not occur within the specified time, an alarm is generated.

Actions

Action: If checked, the selected action is taken when the alarm mapping is active and the alarm is asserted.
Host Access Action: Host is disabled and then re-enabled after the specified time has passed.
Host Role: The host's role is changed and then set back to the original role after the specified time has passed. Roles are attributes of the host and are used as filters in User/Host Profiles. Those profiles determine which Network Access Policy, Endpoint Compliance Policy or Supplicant EasyConnect Policy to apply.
    Note: If roles are based on a user's attribute from your LDAP or Active Directory, this role change is reversed the next time the directory and the FortiNAC database resynchronize.
Host Security Action: Host is set At Risk and then set to Safe after the specified time has passed.

Command Line Script: You can specify a particular command line script to be executed as an alarm action. These command line scripts are for advanced use, such as administrator-created Perl scripts. First, write the script that is to be used as the alarm action. Store the script in this directory: /home/cm/scripts. The IP and MAC address arguments that are automatically passed to the script are in the format shown in this example:
    /home/cm/scripts/testscript 192.168.10.1 00:00:00:00:00:00
Email User Action: An email is sent to the user associated with the host. The text of the email is entered in the Email Host Action dialog box.
SMS User Action: An SMS Message is sent to the user associated with the host. The text of the message is entered in the SMS User Action dialog box. The recipient must have a Mobile Number and Mobile Provider configured.
Port State Action: The port is disabled and then re-enabled after the specified time has passed.
Send Message to Desktop: Send a text message to the desktop of a host(s) with the Persistent Agent or Fortinet Mobile Agent for Android installed.
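The Event Frequency trigger rule in the table above can be checked against its four worked cases with a small model. This is an added example, not FortiNAC code; the class and function names are hypothetical, and two behaviours the guide does not specify are assumed: an event exactly one window-length old no longer counts, and history is not reset after an alarm.

```python
from collections import defaultdict, deque


class FrequencyRule:
    """Per-element sliding window: alarm when `threshold` events from the
    same element fall inside `window_minutes`."""

    def __init__(self, threshold, window_minutes):
        self.threshold = threshold
        self.window = window_minutes
        self._seen = defaultdict(deque)  # element -> event times still in window

    def observe(self, element, minute):
        """Record one event; return True if it triggers the alarm."""
        times = self._seen[element]
        times.append(minute)
        # Assumption: an event exactly `window` minutes old has expired.
        while minute - times[0] >= self.window:
            times.popleft()
        return len(times) >= self.threshold


def alarms_for(events, threshold=3, window_minutes=10):
    """events: (element, minute) pairs in time order.
    Returns the events at which an alarm would be generated."""
    rule = FrequencyRule(threshold, window_minutes)
    return [(element, minute) for element, minute in events
            if rule.observe(element, minute)]


if __name__ == "__main__":
    # Constructed timelines matching the four cases in the guide's example.
    cases = {
        "A three times in 10 minutes": [("A", 0), ("A", 4), ("A", 9)],
        "A twice, B twice": [("A", 1), ("B", 2), ("A", 5), ("B", 6)],
        "A at 1, 8, 12": [("A", 1), ("A", 8), ("A", 12)],
        "A at 1, 8, 12, 14": [("A", 1), ("A", 8), ("A", 12), ("A", 14)],
    }
    for label, timeline in cases.items():
        print(label, "->", alarms_for(timeline))
```

Because counting is per element, a burst spread across many hosts never reaches the threshold; mapping the event with One Event to One Alarm or All Events to One Alarm is the way to see that pattern.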
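An alarm action script receives its IP and MAC address as plain command-line strings, so it should validate them before using them anywhere else. The script below is an added example, not part of the Fortinet guide: it accepts the two positional arguments in the format shown for Command Line Script and appends one JSON record to a log. That Python is available on the appliance, and the log path, are assumptions.

```python
#!/usr/bin/env python3
import ipaddress
import json
import re
import sys
from datetime import datetime, timezone

LOG_PATH = "/tmp/alarm_actions.log"  # hypothetical location, adjust as needed
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")


def parse_alarm_args(argv):
    """Validate the two positional arguments: <ip> <mac>.
    Raises ValueError on anything that is not a clean IP and MAC."""
    if len(argv) != 2:
        raise ValueError("expected exactly two arguments: <ip> <mac>")
    ip_text, mac_text = argv
    ip = ipaddress.ip_address(ip_text)  # ValueError if not a valid address
    if not MAC_RE.fullmatch(mac_text):
        raise ValueError("MAC address is not in xx:xx:xx:xx:xx:xx form")
    return str(ip), mac_text.lower()


def format_record(ip, mac, when=None):
    """One JSON object per line keeps the log easy to parse and forward."""
    when = when or datetime.now(timezone.utc)
    return json.dumps({"ts": when.isoformat(), "ip": ip, "mac": mac},
                      sort_keys=True)


def main(argv):
    try:
        ip, mac = parse_alarm_args(argv)
    except ValueError as exc:
        print(f"alarm action rejected arguments: {exc}", file=sys.stderr)
        return 2
    with open(LOG_PATH, "a", encoding="utf-8") as log:
        log.write(format_record(ip, mac) + "\n")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```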