How to determine device information on wifi devices

Forum|Forum|4 months ago
February 10, 2026
1 reply
250 views

Hello.

I have read this article - Enable 'Device Detection' to allo... - Fortinet Community

which describes the method of locating device information, seemingly only for LAN,DMZ, and Untrusted.

To fully be able to block non essential devices from accessing our wifi, or 'managing' those devices thru qos or restrictions I need to be able to determine what those devices are. For example, occasionally we might have users try to bring in their own personal devices to work 'outside' our security parameters.

On the previous firewall I was able to determine those types of devices, like apple watches, ipads, other laptops, etc - and since i could determine their mac address, and knew their 'types' I could block those devices from our environment.

I don't see how to do this using the fortigate, managed switches, and managed wifi devices. I can see only their mac address - and technically, according to the article above - i shouldn't have 'device detection' set on our wifi vlans. I do have it on the 'ports' and it's helpful in determining machine names, types there.

also - only some of my ports are showing the device identification (desktop...., laptop....) and some ports are not displaying that information. I would think that the identification information is coming from the device but don't know what specifically differentiates or determines whether to display that infomation there so any thoughts on this would help.

is there a way around this so i know that only 'trusted' devices are using our wifi for business purposes?

thanks in advance.

brandonziots

Explorer

The article suggest disabling device detection specifically on public WiFi SSIDs to avoid bogging down the database. If you're just enabling device detection on your internal SSIDs it shouldn't be a problem unless you have thousands upon thousands of devices. We have device detection running on all of our WiFi VLANs but also only see about 500 total devices per site at a time. This is on 70G models.

mark8263Author

New Member

ok. must have missed that.

that being so, why don't i have the device information showing for the devices, other than the mac,ip,etc. some wifi devices will show the 'machine' or 'type' of device - like 'john-android, or jim-macbookpro' ....etc

I also, even tho i have device detection turned on for the switches don't always see the 'device name'.

brandonziots

Explorer

It's my understanding the device detection relies heavily on MAC addresses to extrapolate information about the device manufacturer/type/etc. So if there is a L3 device between your switchport and device, the MAC may not be making it all the way to the FortiSwitch/FortiGate. Additionally some Apple devices may have Private WiFi (setting may be called something else I can't remember) enabled.
Here's a good tech tip: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Devices-are-not-identified-properly/ta-p/193215?externalID=FD35407

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded