This article describes FortiEDR IoT Device Scanning and why it might not see devices discovered.
Scope
FortiEDR and IoT Device Scanning.
Solution
The IoT Device scanning feature scans networks local to the Collector to discover non-workstation devices, such as printers, cameras, and more. In some cases, despite configuring IoT Device Scanning, no results are found. This can happen because:
FortiEDR is designed to only start an IoT Device Scan if the following prerequisites are met:
At least five Collectors reside in the same subnet with the same external (e.g. WAN) IP address.
The network has a CIDR equal to or greater than a /17 (255.255.128.0) network.
The parameters above can be adjusted by Fortinet TAC through a support ticket and are case dependent.
The endpoints are running Windows workstation edition operating systems. IoT Device Scanning will not work for Windows Servers or Linux. Note that Windows XP is not supported here.
The Collectors are in a ‘Running’ operational state. IoT Device Scanning will not commence if the Collectors are disabled, isolated, or degraded.
