FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
Hawada1
Staff & Editor
Article Id 212372
Description This article describes how to troubleshoot DHCP Fingerprint Profiling that tries to match the Operating System in Device Profiling Rules.
Scope FortiNAC.
Solution

The steps below apply when the default Windows (DHCP) DPC rule, which validates DHCP Fingerprinting Type = windows, is used.

 


 

  1. Make sure to configure the Primary and Secondary FortiNAC eth0 IP as an ip-helper on the Layer 3 device.

    In the case of the Control and Application servers running separately, the Application server management eth0 IP should be configured as an IP helper.
    The management interface only listens and does not respond to DHCP requests.

  2. Run 'tcpdump -nnvvSXi eth0 port 67 or 68'. The capture must show DHCP discover, request, or inform packets being received.

  3. The command below will show the device if it was fingerprinted by FortiNAC and the OS was detected with additional DHCP parameters.


dumpdeviceidentities -mac xx:xx:xx:xx:xx:xx <----- It should be the host MAC address.


Output example:

 

xx:xx:xx:xx:xx:xx(HP COMPUTER INC.) DHCPv4 1(DHCPv4 REQUEST) Windows Windows 10 LAPTOP-LAB MSFT 5.0 1,3,6,15,31,33,43,44,46,47,119,121,249,252 53,61,50,12,81,60,55,82.
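To relate the raw packet seen in the tcpdump capture to the fields in this output, the added example below (not Fortinet code, and not a description of how FortiNAC parses packets internally) extracts the usual DHCP fingerprint fields from a DHCP payload. It assumes the two comma-separated lists in the output are the option 55 parameter request list and the order of options in the packet; the function names and the sample packet are constructed for illustration.

```python
import struct
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def opt(code, data):  # encode one DHCP option as code, length, value
    return bytes([code, len(data)]) + data

def build_sample_request():
    """Constructed DHCPREQUEST payload (UDP data only); every value is sample data."""
    mac = bytes.fromhex("020000000001")
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 1, 1, 6, 1, 0x1234ABCD, 0, 0,
                      bytes(4), bytes(4), bytes(4), bytes([10, 0, 0, 1]),  # giaddr = relay
                      mac, b"", b"")
    prl = bytes([1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252])
    opts = (opt(53, b"\x03") + opt(61, b"\x01" + mac) + opt(50, bytes([10, 0, 0, 50]))
            + opt(12, b"LAPTOP-LAB") + opt(81, b"\x00\x00\x00LAPTOP-LAB")
            + opt(60, b"MSFT 5.0") + opt(55, prl)
            + opt(82, b"\x01\x04port"))  # option 82 is appended by the relay agent
    return hdr + MAGIC + opts + b"\xff"

def fingerprint(payload):
    """Return the fields a DHCP fingerprint is built from."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    fp = {"mac": payload[28:28 + min(payload[2], 16)].hex(":"), "msg_type": None,
          "hostname": None, "vendor_class": None, "prl": [], "order": []}
    i = 240
    while i < len(payload) and payload[i] != 255:      # 255 = end option
        code = payload[i]
        if code == 0:                                  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"option {code} is truncated")
        data = payload[i + 2:i + 2 + payload[i + 1]]
        fp["order"].append(code)                       # order of options in the packet
        if code == 53 and data:
            fp["msg_type"] = data[0]                   # 1 = discover, 3 = request, 8 = inform
        elif code == 12:
            fp["hostname"] = data.decode("ascii", "replace")
        elif code == 60:
            fp["vendor_class"] = data.decode("ascii", "replace")
        elif code == 55:
            fp["prl"] = list(data)                     # parameter request list
        i += 2 + len(data)
    return fp

if __name__ == "__main__":
    print(fingerprint(build_sample_request()))
```

If the capture shows a packet without option 55 or option 60, there is little for an OS fingerprint to match on, which is worth checking before enabling debug logging.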

 

Troubleshooting Commands:

 

Profiler evaluation details (prints to /bsc/logs/output.nessus):

 

nacdebug -name ActiveFingerprint true

 

DPC Server processes (prints to /bsc/logs/output.master):

 

nacdebug -name DpcRuleServer true


This should show the DHCP parameters FortiNAC receives from DHCP discover, request, or inform packets:

 

dumpdeviceidentities -mac XX:XX:XX:XX:XX:XX
XX:XX:XX:XX:XX:XX(HP COMPUTER INC.) DHCPv4 1(DHCPv4 REQUEST) Windows Windows 10 LAPTOP-LAB MSFT 5.0 1,3,6,15,31,33,43,44,46,47,119,121,249,252 53,61,50,12,81,60,55,82

client -mac XX:XX:XX:XX:XX:XX


In another SSH session window, run the command below:


tf /bsc/logs/output.nessus | egrep -i "XX:XX:XX:XX:XX:XX|XX-XX-XX-XX-XX-XX|XXXXXXXXXXXX"


Disable Debugging:

 

nacdebug -name DpcRuleServer

nacdebug -name ActiveFingerprint

 

Related documents:

Technical Note: DHCP Fingerprint Profiling Rule does not match upon initial connection
Device Profiler Configuration