Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
neonbit
Valued Contributor

Created on ‎08-04-2017 05:36 AM

Device detection not available on ssl.root interface on 5.6.1

I've recently upgraded my FG201E to 5.6.1 and for some reason devices connecting via SSLVPN are now showing up correctly in FortiView (ie: can't determine their OS).

 

This was working fine in 5.6.0, where I could see users, forticlient status and device type in FortiView.

 

Had a look at the ssl.root interface and can't see the device detection options available (as they are for other interfaces).

 

Does anyone know if there's a way to enable this?

7673
0 Kudos
4 REPLIES 4
storaid
Contributor

Created on ‎08-04-2017 06:08 AM

 

my problem is failed ssl-vpn policy access when device-identification was added for Windows device...

Endpoint Registration from ssl-vpn has been enabled..

try to enable endpoint-compliance in the CLI will cause all ssl-vpn traffic was blocked..

 

few days ago, I have opened new ticket to talk my problem...

 

I tested android device with forticlient ssl-vpn ...

seems like it does get good working with device-identification...

but windows os...

it ALWAYS failed...

 

are you using windows with forticlient???...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
2364
0 Kudos
storaid
Contributor
In response to storaid

Created on ‎08-04-2017 06:18 AM

for Windows device:

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
2364
0 Kudos
neonbit
Valued Contributor
In response to storaid

Created on ‎08-17-2017 02:36 AM

Hi Storaid, I'm using a windows device with Forticlient. It's showing up connect just like yours but I dont have device identification enabled.

 

Just to confirm, if you connect to the SSLVPN, can you see the device as a windows PC under FortiView?

2364
0 Kudos
storaid
Contributor
In response to neonbit

Created on ‎08-17-2017 06:48 PM

neonbit wrote:

Hi Storaid, I'm using a windows device with Forticlient. It's showing up connect just like yours but I dont have device identification enabled.

 

Just to confirm, if you connect to the SSLVPN, can you see the device as a windows PC under FortiView?

NO, looks like the device from sslvpn can NOT be identified with device-detection function...

actually, I mean...

since v5.6.x, the device detection is too bad...

its accuracy sucks...

even if the windows device is under the internal LAN, the device-detection often can not correctly identify this device...

I believe they do change something about this function to make it too bad...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
2364
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.