ByteHaven
Explorer III
November 11, 2025
Solved

Device profiling rule


Hello FNAC admins,

What's the most recommended method(s) in device profiling rules? I know it depends for each scenario.

Also I wanna know if it's best to use many methods in one rule, or each rule better have one method?

 

Thanks in advance

BR,

2 replies

AEK
SuperUser
Best answer
November 12, 2025

Hello BH

All I remember is that lighter rules should be at top. This helps FNAC to profile devices without using much resources.

Have a look at the best practices:

https://docs.fortinet.com/document/fortinac-f/7.6.0/administration-guide/185068/best-practices

 

Besides, if you need it more secure in device auto registration or re-validation then "I think" you may need to harden the profiling rules instead of using OUI, DHCP fingerprint and other weak methods.

Hope it helps.

 
AEK
ByteHaven
Author
Explorer III
November 12, 2025

Thank you for the help AEK, I understand now

 

BR,

ebilcari
Staff
November 12, 2025

The details are covered in this dedicated guide, Device Profiler Configuration, and prioritization is very important. Rules should be ordered accordingly, and any rules that include methods from 'Must Be Received' should always be placed at the bottom.
For example, if a host matches a rule that evaluates DHCP but lacks DHCP fingerprint details, its evaluation becomes stuck, and other rules are not processed.
Methods under 'Needs to Be Read' usually require a host IP to extract information. Ensure that FNAC can receive this information through L3 polling on network devices.

Emirjon
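
A simplified model of the ordering behaviour described in the reply above, added here as an example (it is not from the post and is not FortiNAC code). The rule names, method keys, category membership and host data are assumptions constructed for illustration.

```python
# Added illustration: a simplified model, not FortiNAC code.
# Method keys, category membership and sample data are constructed assumptions.
MUST_BE_RECEIVED = {"dhcp_fingerprint"}  # assumed: data the host has to send first


def evaluate(rules, host):
    """Walk the rules top-down and return (state, rule_name)."""
    for name, criteria in rules:
        matched = True
        for method, expected in criteria.items():
            if method in MUST_BE_RECEIVED and method not in host:
                # Data not received yet: evaluation waits on this rule,
                # so the rules below it are never processed.
                return ("stuck", name)
            if host.get(method) != expected:
                matched = False
                break
        if matched:
            return ("matched", name)
    return ("unmatched", None)


def misordered(rules):
    """Names of 'Must Be Received' rules placed above a rule without such methods."""
    waits = [bool(MUST_BE_RECEIVED & criteria.keys()) for _, criteria in rules]
    return [name for i, (name, _) in enumerate(rules)
            if waits[i] and not all(waits[i + 1:])]


# Constructed rules and host (values are placeholders, not real fingerprints).
PRINTER = ("printer-by-oui", {"oui": "00:11:22"})
PHONE = ("phone-by-dhcp", {"dhcp_fingerprint": "1,3,6,15"})
HOST = {"oui": "00:11:22"}  # no DHCP fingerprint has been received for this host

BAD_ORDER = [PHONE, PRINTER]   # 'Must Be Received' rule on top
GOOD_ORDER = [PRINTER, PHONE]  # 'Must Be Received' rule at the bottom

if __name__ == "__main__":
    print(evaluate(BAD_ORDER, HOST), misordered(BAD_ORDER))
    print(evaluate(GOOD_ORDER, HOST), misordered(GOOD_ORDER))
```
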
ByteHaven
Author
Explorer III
November 12, 2025

Thank you for this detailed explanation Emirjon. I will defo read those articles after I am done with the admin guide.

 

BR,