justin_zhan
New Member
April 15, 2025
Solved

FortiEMS Mass USB Whitelist: Fix Same-Brand VID/PID Variations

  • April 15, 2025
  • 3 replies
  • 1173 views

Hello, everyone. I have a question. The client ZTNA has 1,500 terminals, and each terminal may have two USB mobile devices. The client's requirement is to release them in a whitelist manner. However, with so many mobile terminals, the workload is a bit large. For the mice of the same brand purchased in the same batch, information such as USB Type, Vendor ID, Product ID, and Firmware Revision is still different.


I have several questions:

Question 1: Is there any way to avoid manual entry one by one? The workload is too large.

Question 2: Can the whitelist be released based on a certain brand? For example, HP and Dell mice, Panasonic USB drives.

Question 3: For the control of such a large number of mobile external USB devices, are there any other good suggestions?

References:

https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-properly-identify-USB-devices-to-configure/ta-p/339955

Thank you all.

Best answer by david_pereira


3 replies

Stephen_G
Moderator
April 17, 2025

Hello justin_zhan,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Stephen_G - Fortinet Community Team
Stephen_G
Moderator
April 22, 2025

Hello,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Stephen_G - Fortinet Community Team
david_pereira
Staff & Editor
April 30, 2025

Good morning justin_zhan,

Hope you are well.

For sure, let me help you with your questions.

Question 1: Is there any way to avoid manual entry one by one? The workload is too large.

A: If you have different vendors, you will need to allow them one by one or allow a Class instead.

https://docs.fortinet.com/document/forticlient/7.4.3/ems-administration-guide/447132/malware-protection

Question 2: Can the whitelist be released based on a certain brand? For example, HP and Dell mice, Panasonic USB drives.

A: Yes, you can also use the Vendor ID; that should be the same.

Question 3: For the control of such a large number of mobile external USB devices, are there any other good suggestions?

A: You can allow per Class, like HID, which stands for Human Interface Devices, that are keyboards, mice, controllers, etc.

Hope this helps.

Have a great day!
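
The consolidation described in the answer above (one rule per Vendor ID within a class instead of one rule per device), as an added example that is not part of the original thread and is not Fortinet code: it collapses a device inventory into per-class, per-vendor allow rules and lists the devices no rule would cover. The CSV columns, the sample rows, the approved-vendor table and the rule dictionary layout are all assumptions, and the output is not a FortiEMS import format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not from the thread): one row per device seen on an endpoint.
INVENTORY_CSV = """host,usb_class,vendor_id,product_id,revision
pc-001,HID,03F0,134A,0100
pc-002,HID,03f0,0x154A,0101
pc-003,HID,413C,301A,0100
pc-004,Mass Storage,04DA,2372,0001
pc-005,Mass Storage,04DA,2373,0002
pc-006,Mass Storage,0781,5567,0100
"""

# Assumption: vendors the organisation has approved, per device class.
APPROVED = {"HID": {"03F0", "413C"}, "Mass Storage": {"04DA"}}


def norm_id(value):
    """Normalise '0x3f0', '3F0' or '03f0' to the 4-digit upper-case hex form."""
    return format(int(value.strip(), 16), "04X")


def build_rules(csv_text, approved):
    """Collapse per-device rows into (class, vendor) rules; return (rules, rejected)."""
    covered = defaultdict(set)  # (class, VID) -> product IDs the rule would cover
    rejected = []               # devices whose vendor is not approved for their class
    for row in csv.DictReader(io.StringIO(csv_text)):
        cls = row["usb_class"].strip()
        vid, pid = norm_id(row["vendor_id"]), norm_id(row["product_id"])
        if vid in approved.get(cls, set()):
            covered[(cls, vid)].add(pid)
        else:
            rejected.append((row["host"], cls, vid, pid))
    # product_id "*" marks a vendor-wide rule; seen_pids records what it replaced.
    rules = [{"class": c, "vendor_id": v, "product_id": "*", "seen_pids": sorted(p)}
             for (c, v), p in sorted(covered.items())]
    return rules, rejected


if __name__ == "__main__":
    rules, rejected = build_rules(INVENTORY_CSV, APPROVED)
    for rule in rules:
        print(rule)
    for device in rejected:
        print("not covered:", device)
```

A vendor-wide rule also matches products from that vendor that never appeared in the inventory, which is why `seen_pids` is kept alongside each rule for review.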