FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Hawada1
Staff
Article Id 213330
Description This article describes how to configure Apple iOS DHCP Fingerprint Profiling to register rogue Apple iPhones running iOS 15.x.
Scope FortiNAC.
Solution

Starting with iOS 14, iPadOS 14 and watchOS 7, Apple added a MAC randomization feature to better secure its devices from being profiled or spoofed.

Also, in iOS 15.x the device hostname is not sent in DHCP request option 55:
https://support.apple.com/en-au/HT211227

This behavior makes it hard to register Apple devices using DHCP fingerprinting in Device Profiling Rules.

As a workaround, the following Option List and Parameter List values can be used to register rogue hosts (iOS 15.0.x) in the same DHCP fingerprint DPC rule. Under Users & Hosts -> Device Profiling Rules, modify the DPC rule in use, select the 'Methods' tab and, in the DHCP Fingerprinting tab, select 'Match Custom Attributes':


1):
Option List = 53,55,57,61,51,82
Parameter List = 1,121,3,6,15,108,114,119,252

2):
Option List = 53,55,57,61,50,51,82
Parameter List = 1,121,3,6,15,108,114,119,252

3):
Option List = 53,55,57,61,50,54,82
Parameter List = 1,121,3,6,15,108,114,119,252

4):
Option List = 53,55,57,61,51,12,82
Parameter List = 1,121,3,6,15,119,252
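
To confirm which of the four sets a captured DHCP packet from a rogue host corresponds to before editing the rule, the two attributes can be derived from the packet itself. The Python below is an added example, not Fortinet code: it assumes the Option List is the order in which option codes appear in the packet and the Parameter List is the content of option 55; the `tlv` helper and the sample packet are constructed for illustration.

```python
# Added example (not FortiNAC code): derive the two custom attributes from a
# raw BOOTP/DHCP payload and compare them with the four sets in this article.
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie after the 236-byte BOOTP header

# (Option List, Parameter List) pairs copied from the article, sets 1-4
IOS15_SETS = [
    ("53,55,57,61,51,82", "1,121,3,6,15,108,114,119,252"),
    ("53,55,57,61,50,51,82", "1,121,3,6,15,108,114,119,252"),
    ("53,55,57,61,50,54,82", "1,121,3,6,15,108,114,119,252"),
    ("53,55,57,61,51,12,82", "1,121,3,6,15,119,252"),
]

def fingerprint(payload: bytes):
    """Return (option_list, parameter_list) as comma-separated strings."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    opts, order, params, i = payload[240:], [], [], 0
    while i < len(opts):
        code = opts[i]
        if code == 255:          # End option
            break
        if code == 0:            # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(opts) or i + 2 + opts[i + 1] > len(opts):
            raise ValueError("truncated option %d" % code)
        length = opts[i + 1]
        order.append(code)       # assumption: Option List = order of appearance
        if code == 55:           # Parameter Request List
            params = list(opts[i + 2:i + 2 + length])
        i += 2 + length
    return ",".join(map(str, order)), ",".join(map(str, params))

def matching_set(payload: bytes):
    """Return the article's set number (1-4) the payload matches, or None."""
    fp = fingerprint(payload)
    return next((n for n, s in enumerate(IOS15_SETS, 1) if s == fp), None)

def tlv(code, value):
    """Encode one DHCP option as code, length, value."""
    return bytes([code, len(value)]) + bytes(value)

# Constructed sample: DHCPREQUEST whose options follow set 2 (all values invented)
SAMPLE = bytes(236) + MAGIC + b"".join([
    tlv(53, [3]), tlv(55, [1, 121, 3, 6, 15, 108, 114, 119, 252]),
    tlv(57, [5, 220]), tlv(61, [1, 2, 0, 0, 0, 0, 1]), tlv(50, [192, 0, 2, 10]),
    tlv(51, [0, 118, 167, 0]), tlv(82, [1, 2, 0, 1]), b"\xff"])

if __name__ == "__main__":
    print(fingerprint(SAMPLE), "-> set", matching_set(SAMPLE))
```

A result of `None` means the host sends a different option order or parameter list, so none of the four sets would match it in the rule.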


Result after it is registered:

 

[Screenshot: Hawada1_0-1653821032125.png]

 

Related documents:

 

- Issues with MAC address randomization: https://community.fortinet.com/t5/FortiNAC/Technical-Note-Issues-with-MAC-address-randomization/ta-p...


- DHCP Fingerprint Profiling for Operating System OS Device Profiling Rule: https://community.fortinet.com/t5/FortiNAC/Technical-Tip-DHCP-Fingerprint-Profiling-for-Operating-Sy...

 

- DHCP Fingerprint Profiling Rule does not match upon initial connection:
https://community.fortinet.com/t5/FortiNAC/Technical-Note-DHCP-Fingerprint-Profiling-Rule-does-not-m...

 
