FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 193215



This article explains the reasons why the devices are not properly identified and the solution to process the identification.
Sometimes incorrect device name is visible in the device Inventory, but the MAC address is correct. 
FortiGate is using different methods to identify devices and get information about it. 
This information is extracted from different protocols when traffic is passing through FortiGate 
So, the device name is not mandatory to be the Hostname of the device 

Possible problems that might be encountered with device identification:

1) Only one MAC address for all devices is shown

Check to see whether there is a Layer 3 device (router or L3 switch) between the FortiGate and client workstations.
Device identification in FortiOS is based upon MAC address, therefore if the FortiGate is unable to see the client's MAC address, identification will not work.
If clients are not on the same network as FortiGate, use agent based device authentication (FortiClient).
2) Device identification is not complete
The FortiGate may not have enough information to identify the device.
For example, if only ICMP is forwarded through the FortiGate, then the OS version can't be verified.
Alternate Test: Try sending some HTTP traffic through the FortiGate and see if device is now identified properly.
The following CLI command can be used for device identification troubleshooting:


#diagnose user device list                     <----- List all recognized hosts.
  It will show the list of all hosts recognized by FortiGate.
 Depends on the network, it will show the following information in this output:
vd 0  00:23:d4:55:45:00  gen 8  req 0  redir 0  last 18s  port1
ip  ip6 fe40::9420:9560:1dcf:8e16
type 8 'Windows PC'  src dhcp  c 1  gen 3
os 'Windows'  version ''  src dhcp  id  24  c 1
host 'TEST-PC'  src dhcp
user 'testuser' src forticlient
endpoint 2
From the output above, it shows the device IP and MAC address, device type, OS version, hostname and user (if identified) and which traffic was a source (src) for the identification.   
Additionally there is one more solution to tackle that:

- It is possible to delete the device detected and allow the FortiGate to get it detected again 

- The following command can be used to delete device using MAC address using CLI:


diagnose user device del  
<mac>    MAC address (xx:xx:xx:xx:xx:xx)