Device detection
Hi, FortiGate 200D, 5.0.4 and 5.0.5: How and when are devices detected/identified? I'm sure this was working in the past, but now the online column in device definition stays empty. It seems that all my devices were last seen about 10 days ago. Client devices don't have FortiClient installed.
Steps taken:
- Upgrade from 5.0.4 to 5.0.5, so that rebooted my FortiGate.
- "diagnose user device clear".
- Deleted some permanent entries of devices that are currently communicating; they are not detected/added to the list.
Any idea?
Thanks,
Stephane
Labels: 5.0
FortiOS 5.4 has an enhancement to device identification called 'active device identification'. It allows you to actively scan devices that can't be determined by passive means, using the vulnerability scan engine.
I've tested the beta in a lab and the device identification worked well, but it was only for a directly connected network. Not sure how well it will handle multi-level LANs (can't test that scenario in my lab).
SMabille wrote:
Hi, FortiGate 200D, 5.0.4 and 5.0.5: How and when are devices detected/identified? I'm sure this was working in the past, but now the online column in device definition stays empty. It seems that all my devices were last seen about 10 days ago. Client devices don't have FortiClient installed. Steps taken: - Upgrade from 5.0.4 to 5.0.5, so that rebooted my FortiGate. - "diagnose user device clear". - Deleted some permanent entries of devices that are currently communicating; they are not detected/added to the list. Any idea? Thanks, Stephane
I have a similar issue with a FG 500D on 5.2.3 GA with a Brocade ICX on the LAN side. It only detects the Brocade and 1 more device. That's it. It doesn't see the hundreds of devices on the LAN. If I delete that one more device, it will randomly detect another one and that's it.
Any updates on your end?
Thank you,
Adi
If you're using the Brocade as a router (layer 3), then MAC addresses won't "pass."
You have some choices:
1) 802.1x authentication on the clients and having it send RADIUS accounting updates to the FortiGate.
2) Install FortiClient on the clients.
3) Put the clients on their own VLAN, with a routing interface enabled on the Forti.
Hi natech,
Option 1 is a bit complicated to implement and Option 2 is a no go due to a critical bug in FortiClient that kernel-panics OS X randomly.
That leaves Option 3. My clients are already on their own separate VLANs (wifi corp, wifi guest, LAN corp, etc.). I'm just not sure what you mean by the "routing interface configured on the Forti". Do you mind elaborating a bit on this?
Thank you,
Adrian
I'm in the same boat actually. I have a simple setup at home as well:
Modem->FGT90D-Internal1 (10.1.255.1/30) <->Cisco3750G (10.1.255.2/30) <->LAN
All my devices are showing up detected as the SWITCH MAC address vs. the device MAC address. I'm actually routing between my FGT and my L3 switch (multiple VLANs and OSPF between switch and FW)... I figured perhaps disabling Proxy ARP between the routed interface on the switch and the FW would correct this problem, but that didn't help. I'm running 5.2.4 on my 90D.
Installing FCT on my devices is a no fly zone if I plan on attempting to use FGT's version of "NAC" in my work environment. I have the same situation at work as we are routing between a core switch and our 1500D cluster(s).
"The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong one. 'Do it yourself'. Yes, that's it." - Linus Torvalds
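The mechanism natech describes (a layer-3 hop hides host MACs) and the symptom in this post (every device shows the switch's MAC) can be checked from a host table, shown here as an added example that is not from the thread or from Fortinet. The "ip mac interface" layout, the MAC addresses and the wifi segment are constructed; only the 10.1.255.0/30 transit link is taken from the post.

```python
"""Passive device identification keys on the source MAC of frames the
firewall sees. Behind a layer-3 switch every routed host arrives with the
switch's port MAC, so the firewall can learn at most one "device" for all
of them. This helper separates hosts whose MAC is their own (directly
connected) from hosts whose MAC is really the next hop's."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample in a generic "ip mac interface" layout (not FortiOS
# output). internal1 mirrors the /30 transit link from the post above;
# wifi is a directly connected segment for contrast.
SAMPLE_HOST_TABLE = """\
10.1.255.2    00:1b:54:aa:bb:01 internal1
10.1.10.21    00:1b:54:aa:bb:01 internal1
10.1.10.22    00:1b:54:aa:bb:01 internal1
10.1.20.5     00:1b:54:aa:bb:01 internal1
192.168.5.10  f0:de:f1:11:22:33 wifi
192.168.5.11  a4:5e:60:44:55:66 wifi
"""
# Assumed interface addressing: the /30 is from the post, wifi is made up.
IFACE_NETS = {"internal1": ip_network("10.1.255.0/30"),
              "wifi": ip_network("192.168.5.0/24")}

def parse_host_table(text):
    """Parse 'ip mac interface' lines into (ip, mac, iface) tuples."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            rows.append((ip_address(parts[0]), parts[1].lower(), parts[2]))
    return rows

def classify_hosts(rows, iface_nets):
    """Return (direct, routed), each {mac: [ips]}. A host is direct when its
    IP lies in the receiving interface's own subnet; otherwise the MAC seen
    belongs to the router in between, not to the host."""
    direct, routed = defaultdict(list), defaultdict(list)
    for ip, mac, iface in rows:
        bucket = direct if ip in iface_nets[iface] else routed
        bucket[mac].append(str(ip))
    return dict(direct), dict(routed)

def identifiable_devices(rows, iface_nets):
    """Distinct MACs per interface that passive detection can attribute to
    a real host: the whole routed LAN on internal1 counts as one."""
    per_iface = defaultdict(set)
    for ip, mac, iface in rows:
        if ip in iface_nets[iface]:
            per_iface[iface].add(mac)
    return {iface: len(macs) for iface, macs in per_iface.items()}
```

Hosts in the routed bucket are the ones that options 1 (RADIUS accounting) or 3 (a FortiGate-routed VLAN) would make visible by other means.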
neonbit wrote:
FortiOS 5.4 has an enhancement to device identification called 'active device identification'. It allows you to actively scan devices that can't be determined by passive means, using the vulnerability scan engine.
I've tested the beta in a lab and the device identification worked well, but it was only for a directly connected network. Not sure how well it will handle multi-level LANs (can't test that scenario in my lab).
Are you in any way able to do a test with a routed interface? Because honestly, this is how the FortiGates are installed in an enterprise environment.
I don't have a spare FortiGate to do tests with unfortunately :(
FWIW
I've seen numerous device detection flaws with Android devices (phones vs. tablets). Detection is not 100% fool-proof imho.
Then with anything HTTP, a user-agent switcher will flaw the detection.
Ken
PCNSE
NSE
StrongSwan
