Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
btey
Staff & Editor
Staff & Editor

Created on ‎05-07-2021 01:46 AM Edited on ‎07-18-2025 11:24 AM By Moderator

Article Id 190901

Technical Tip: Enable 'Device Detection' to allow FortiOS to monitor networks

Description


This article describes how to enable 'Device Detection' to allow FortiOS to monitor networks and gather information about units operating on those networks.

Scope


FortiGate v6.2.1 and above. The device detection and identification feature creates a database of discovered devices in the memory of the FortiGate unit. Depending on the size of the network, this database can become quite big. Therefore, consider this aspect when enabling device-identification of low-end models (under 200-Series). Also, it is not recommended to enable this feature on Wifi or Guest-Wifi interfaces that serve a large number of clients, as the database size will grow exponentially.


Solution


It is possible to enable 'Device Detection' to allow FortiOS to monitor networks and gather information about devices operating on those networks, including:

  • MAC address.
  • IP address.
  • Operating system.
  • Hostname.
  • Username.
  • Endpoint tags.
  • When FortiOS detected the unit and on which interface.

 

It is possible to enable 'Device Detection' separately on each interface in Network -> Interfaces.
'Device Detection' is intended for devices that are directly connected to LAN and DMZ ports. The widget is only available when the Interface Role is LAN, DMZ, or Undefined. It is not available when the role is WAN.

If enabled on a WAN port, 'Device Detection' can be unable to determine the OS on some units.
It is possible to enable active scanning on the interface to find hosts whose unit types FortiOS cannot determine passively. (not available feature for v7.0 and above).

It is also possible to manually add units to the 'Device Inventory' to ensure that a device with multiple interfaces displays as a single device.

To view the device inventory monitor in the GUI:
Go to Dashboard -> Users & Devices.

Note:

In newer versions such as v7.4.2, v7.4.3, v7.4.4, v7.4.5, and v7.6.0, Users & devices options are replaced with Assets and Identities.

 

 
 

When the user has issues viewing correct information under Asset Identity Center, the following commands will help to verify via the CLI:


diagnose user device stats
diagnose user device list
diagnose user-device-store device memory list
diagnose user-device-store unified device-query
diagnose user-device-store unified user-query
diagnose user-device-store unified list

diagnose debug enable
diagnosetest application wad 2500      <----- switch to wad-user-info context.
diagnose test application wad 168      <----- user-device store stats dump on v7.0.

diagnose test application wad 178      <----- user-device store stats dump on v7.2 and v7.4.
diagnose test application wad 2000     <----- switch back to WAD manager context.

 

Related document:

Device Inventory

69767
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.