Description
This article describes how to enable 'Device Detection' to allow FortiOS to monitor networks and gather information about units operating on those networks
Scope
FortiOS versions 6.2.1 and above.
Device detection and identification feature is creating a database of disovered devices in the memory of the FortiGate unit. Depending on the size of the network, this database can become quite big. Therefore, consider this aspect when enabling device-identification of low-end models (under 200-Series). Also, it is not recommended to enable this feature on Wifi or Guest-Wifi interfaces that serve a large number of clients, as the database size will grow exponentially.
Solution
It is possible to enable 'Device Detection' to allow FortiOS to monitor networks and gather information about devices operating on those networks, including:
- MAC address.
- IP address.
- Operating system.
- Hostname.
- Username.
- When FortiOS detected the unit and on which interface.
It is possible to enable 'Device Detection' separately on each interface in Network -> Interfaces.
'Device Detection' is intended for devices that are directly connected to LAN ports.
If enabled on a WAN port, 'Device Detection' can be unable to determine the OS on some units.
It is possible to enable active scanning on the interface to find hosts whose unit types FortiOS cannot determine passively.
It is also possible to manually add units to 'Device Inventory' to ensure that a device with multiple interfaces displays as a single device.
To view the device inventory monitor in the GUI:
Go to Dashboard -> Users & Devices.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.