3.1.3.1. Business Profiles

In the Business Profiles section, we will be able to see the latest status of the connections made on the network and detected by the system. For each of these connections, we will have information related to the device and the connection itself: status, source, policy, etc.

The Business Profiles allow grouping policies/TAGs/EPTs following different criteria.

../../../../_images/bp_menu.png


Inside each Business Profiles Group, we can find the business profiles.

The Business Profiles allow grouping policies/TAGs/EPTs following different criteria; these can group technical or business events:

Note

The Business Profiles must be customized according to the technical and business needs. They are not preloaded by default.

  • Business Profiles based on technical requirements

    Some possibilities could be:

    • The type of authentication that is being used (MAC Authentication Bypass - MAB, 802.1x with username and password, 802.1x with user certificate).

    • Location based (building 1, floor 1, etc.).

    • User device characteristics (corporate device with Windows 10 installed).

    • Type of users (VPNs, Guest, Partners).

    • Type of network access (VPN, Wired or Wifi)

  • Business Profiles based on business requirements

    For instance:

    • Identifying the business department (marketing department, finance department, etc.)

    • Users that belong to any business service (we can use tags in the CMDB, workstation attributes, or LDAP/AD attributes for this purpose).

As mentioned, the business profiles allow grouping policies or tags or EPTs. In the policies’ case, it is recommended to use only one business profile with a policy. This avoids showing wrong information in ON Analytics.

There are some default Business Profiles Groups: EPT View, Default View, and Locations View which will be explained in the next section.

There is no limitation to creating as many business profiles as needed. To group OpenNAC events, remember that these events are generated by policy matching.

To create a new business profile, click on the Add new option located at the right end of the business profiles row.

../../../../_images/add_new_bp.png


A new window will pop up, and you have to complete a few steps to finish creating a new Business Profile:

../../../../_images/add_new.png


1: Write a name for the business profile.

2: Choose a color to identify it easily.

3: Choose the policy or policies, TAG or EPT (depending on the Business Profile Type) that belong to the business profile just created. Remember that this business profile can be created based on business or technical reasons.

Business profiles group all the events related to network access requests that match a policy. Policies can also be called Access Control entries.

We can set a filter/business profile as default by clicking on the star. To remove a business profile, click on the trash can icon.

../../../../_images/business_profile_detail.png


There are a couple of options to visualize Business Profiles.

  • When clicking on View graph we will see a graphical representation of the connections.

    ../../../../_images/view_graph.png


  • The Show/hide button allows us to expand the events by hiding or showing the different business profiles.

    ../../../../_images/show_hide.png


Right below your business profiles, you can find a row with multiple options (some groups might not have all the options):

../../../../_images/bp_actions.png


  • Toggle port: To force a user device’s policy evaluation. First, select the device/devices by checking the corresponding box on the left and then click on the Toggle port button.

    The Network Device must be previously configured to allow the re-evaluation. This can be done over SNMP, by disconnecting and reconnecting the device, or over CoA, by forcing a change of authorization. See Configuration -> Configuration Vars -> NetDev.

  • Quarantine: To quarantine any selected user device. The device will be sent to an isolated network, usually for security or compliance reasons. The isolated network does not exist by default; it needs to be defined on the ND.

  • Dequarantine: To dequarantine any selected and quarantined user device.

Note

When a Quarantine or Dequarantine is executed, a toggle is done and the policy is re-evaluated.

  • Refresh: Refreshes the shown information of the devices on the page.

  • Export data: To export the data onto a CSV file. This can be done over an entire page or after filtering the data.

  • Tags: Used to search devices by partial or complete tags. Tag lists and regular expressions are not supported.

../../../../_images/tags.png


  • Show all: Shows all the user devices on one page.

  • Filters: To search devices on the selected business profile with predefined or custom filters such as IP, MAC, policy, etc.

../../../../_images/filters.png


In the next row, we can find two more fields. The left one, Select [ ] entries, features 25 entries by default and is used to select the number of entries to see on each page. The right one, Search [ ], is used to search by any filter.

Moving to the next section of the interface, we can see different columns:

  • MAC: The MAC address of the device. If OpenNAC has not discovered it, it will show 00:00:00:00:00:00.

  • IP: The IP address of the device. If OpenNAC has not discovered it, it will show 0.0.0.0.

  • Hostname: The device’s hostname.

  • User: The user name connected with the device.

  • Last access: The last seen access.

  • Policy: The policy that the device has matched. In the policy section we can find three icons:

    • View policy evaluation: Shows the last events for that device with the information about the parameters received, parameters processed, and response data. The events are described in the Events section.

    ../../../../_images/bp1_123.png


    • View policy: Shows the policy matched by the device.

    ../../../../_images/bp.png


    • Policy has changed since last evaluation and must be re-evaluated.

  • EPT: The endpoint type tag that has been assigned.

  • Status: This column shows icons with different information, which we can see by hovering the mouse over them:

../../../../_images/bp_dashboards.png


  • The flag icon indicates the status (green -> active, red -> reject, black -> logout).

  • The laptop icon indicates if it is a registered device (black) or if it is a quarantine device (red).

  • The VLAN icon shows the VLAN associated with the device.

  • The dashboard icons are links to dashboards generated by the device. By default, there are 3 dashboard shortcuts activated: Discover, Sensor Dashboard, and Sensor Dashboard by user id. Clicking on each of them will open a new tab with that dashboard.

../../../../_images/dashboard_discover.png


To activate other shortcuts or change configuration see: Configuration -> Dashboards

  • Tags: Shows a bar with the number of tags of each type assigned to the device.

  • i: Shows the possibility to expand the information. We can expand the information about each event by clicking on the + button located in this column.

../../../../_images/expanded_dev123.png


Most of the fields shown in the expanded information (IP, IP Switch, ID Port Switch…) have a window icon next to them that allows us to configure that field as a column. This will be saved in the user settings and can be reverted to the default ones as shown in Overview.

We can see that the information is divided into two sets:

  • The top one shows the most relevant information: MAC, IP, how OpenNAC discovered the asset, etc.

  • The bottom information shows the tags that have been collected grouped by different criteria: Profile, Security, Processes, etc.
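The Export data CSV, the placeholder values shown for undiscovered MAC and IP addresses, and the recommendation to use only one business profile with a policy can be checked offline. The following is an added example, not code from the OpenNAC project; the CSV header names, the sample rows, and the profile-to-policy mapping are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Placeholder values the page says are shown when a device was not discovered.
UNKNOWN_MAC = "00:00:00:00:00:00"
UNKNOWN_IP = "0.0.0.0"

# Constructed sample export; the header names are an assumption that mirrors
# the column names in the interface (MAC, IP, Hostname, User, Policy).
SAMPLE_EXPORT = """MAC,IP,Hostname,User,Policy
a4:5e:60:11:22:33,10.10.1.20,fin-lt-01,alice,Corp_8021x_Cert
00:00:00:00:00:00,10.10.1.77,,,MAB_Printers
3c:52:82:aa:bb:cc,0.0.0.0,guest-phone,,Guest_WiFi
"""

# Constructed mapping of business profile name -> policies grouped under it.
SAMPLE_PROFILES = {
    "Finance": ["Corp_8021x_Cert"],
    "Wired 802.1x": ["Corp_8021x_Cert"],
    "Guests": ["Guest_WiFi"],
}

def undiscovered_devices(csv_text):
    """Return (row_number, missing_fields, policy) for rows with placeholders."""
    findings = []
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=1):
        missing = []
        if row["MAC"].strip().lower() == UNKNOWN_MAC:
            missing.append("MAC")
        if row["IP"].strip() == UNKNOWN_IP:
            missing.append("IP")
        if missing:
            findings.append((n, missing, row["Policy"]))
    return findings

def policies_in_multiple_profiles(profiles):
    """Return {policy: sorted profile names} for policies used more than once."""
    seen = defaultdict(set)
    for profile, policies in profiles.items():
        for policy in policies:
            seen[policy].add(profile)
    return {p: sorted(names) for p, names in seen.items() if len(names) > 1}

if __name__ == "__main__":
    for finding in undiscovered_devices(SAMPLE_EXPORT):
        print("undiscovered:", finding)
    print("shared policies:", policies_in_multiple_profiles(SAMPLE_PROFILES))
```

Rows flagged by the first function are devices whose identity is incomplete and worth reviewing before relying on their policy match; policies returned by the second are grouped under more than one business profile.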

Administrators can also manage user device connections by right-clicking on the event and selecting the action to take.

../../../../_images/right_click.png


In addition to the actions that we have already seen (Toggle port, Quarantine/Dequarantine, and Refresh), it reveals two more that allow administrators to verify outcomes without causing any direct impact on the user device’s configuration:

Simulate profiling

The Simulate Profiling button serves as a convenient tool for administrators. It enables them to determine which EPT_ type tag would be assigned to a user’s device without triggering a full policy evaluation.

This is particularly helpful when modifications are made to existing profiles within ON NAC > Profiling > User device profiling. The purpose is to verify if any devices will meet the profile criteria and consequently be labeled with the EPT_ tag.

Note

This simulation process does not actually apply the EPT_ tag to the user device; rather, it merely generates a simulated outcome and provides a report. This allows for confirmation without causing any disruption.

Simulate tag policies

The Simulate Tag Policies button provides insight into the specific result tag that would be applied to a user’s device based on existing policies. This evaluation occurs without the need to trigger a complete policy reevaluation for the device.

This feature is helpful when modifications are made to any of the established tag policies within ON NAC > Tag policies > UD Tag policies. The primary purpose is to confirm which result tag from the tag policies will be assigned to the device following the changes.

Note

This simulation doesn’t actually implement any tag onto the user’s device. It only conducts a simulated assessment and subsequently presents a report detailing the anticipated result.

If a user device has the OpenNAC Agent installed and has received any payloads, we can access the user’s payload record directly. It allows us to find all the information regarding the payloads that have been sent. Once we click on the icon shown in the figure below, we will be redirected to the Agent payloads view.

../../../../_images/userpayloadrecord.png