Hi, Fortigate 200D, 5.0.4 and 5.0.5: How and when are devices detected/identified? I' m sure this was working in the past, but now the online column in device definition stays empty. It seems that all my devices were last seen about 10 days ago. Client devices don' t have Forticlient installed Step taken: - Upgrade from 5.0.4 to 5.0.5, so that rebooted my Fortigate. - " diagnose user device clear" . - deleted some permanent entries of device that are currently communicating, they are not detected/added to the list. Any idea? Thanks, Stephane
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
FortiOS 5.4 has an enhancement to device identification called 'active device identification'. It allows you to actively scan devices that can't be determined by passive means using the vulnerability scan engine.
I've tested the beta in a lab and the device identification worked well, but it was only for a directly connected network. Not sure how well it will handle a multi level LANs (cant test that scenario in my lab).
SMabille wrote:Hi,
Hi, Fortigate 200D, 5.0.4 and 5.0.5: How and when are devices detected/identified? I' m sure this was working in the past, but now the online column in device definition stays empty. It seems that all my devices were last seen about 10 days ago. Client devices don' t have Forticlient installed Step taken: - Upgrade from 5.0.4 to 5.0.5, so that rebooted my Fortigate. - " diagnose user device clear" . - deleted some permanent entries of device that are currently communicating, they are not detected/added to the list. Any idea? Thanks, Stephane
I have a similar issue where with FG 500D on 5.2.3 GA with a Brocade ICX on the LAN side. It only detects the Brocade and 1 more device. That's it. It doesn't see the hundreds of devices on the LAN. If I delete that one more device, it will randomly detect another one and that's it.
Any updates on your end ?
Thank you,
Adi
If you're using the Brocade as a router (layer 3), then MAC addresses won't "pass."
You have some choices:
1) 802.1x authentication on the clients and having it send RADIUS accounting updates to the FortiGate.
2) Install FortiClient on the clients.
3) Put the clients on their own VLAN, with a routing interface enabled on the Forti.
Adrian wrote:SMabille wrote:
Hi, Fortigate 200D, 5.0.4 and 5.0.5: How and when are devices detected/identified? I' m sure this was working in the past, but now the online column in device definition stays empty. It seems that all my devices were last seen about 10 days ago. Client devices don' t have Forticlient installed Step taken: - Upgrade from 5.0.4 to 5.0.5, so that rebooted my Fortigate. - " diagnose user device clear" . - deleted some permanent entries of device that are currently communicating, they are not detected/added to the list. Any idea? Thanks, StephaneI have a similar issue where with FG 500D on 5.2.3 GA with a Brocade ICX on the LAN side. It only detects the Brocade and 1 more device. That's it. It doesn't see the hundreds of devices on the LAN. If I delete that one more device, it will randomly detect another one and that's it.
Any updates on your end ?
Thank you,
Adi
Hi natech,
Options 1 is a bit complicated to implement and Option 2 is a no go due to a critical bug in FortiClient that kernelpanics OS X randomly.
That leaves Option 3. My clients are already on their own separate VLANS (wifi corp, wifi guest, LAN corp, etc.) I'm just not sure what you mean by the "routing interdaface configured on the Forti". Do you mind elaborating a bit on this ?
Thank you,
Adrian
I'm in the same boat actually. I have a simple setup at home as well,
Modem->FGT90D-Internal1 (10.1.255.1/30) <->Cisco3750G (10.1.255.2/30) <->LAN
All my devices are showing up detected as the SWITCH Mac addres vs. device mac address. I'm actually routing between my FGT and my L3 Switch (muliple vlans and OSPF between switch and FW)... I figured perhaps disabling Proxy ARP between the the Routed Interface on the Switch and FW would correct this problem, but that didn't help. I'm runnig 5.2.4 on my 90D.
Installing FCT on my devices is a no fly zone if I plan on attempting to use FGTs version of "NAC" in my work environment. I have the same situation at work as we are routing betweet a CoreSwitch and our 1500D Cluster(s).
" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
FortiOS 5.4 has an enhancement to device identification called 'active device identification'. It allows you to actively scan devices that can't be determined by passive means using the vulnerability scan engine.
I've tested the beta in a lab and the device identification worked well, but it was only for a directly connected network. Not sure how well it will handle a multi level LANs (cant test that scenario in my lab).
neonbit wrote:FortiOS 5.4 has an enhancement to device identification called 'active device identification'. It allows you to actively scan devices that can't be determined by passive means using the vulnerability scan engine.
I've tested the beta in a lab and the device identification worked well, but it was only for a directly connected network. Not sure how well it will handle a multi level LANs (cant test that scenario in my lab).
Are you in any way able to do a test with a routed interface ? Because honestly, this is how the FortiGates are installed in an enterprise environment.
I don't have a spare FortiGate to do tests with unfortunately :(
FWIW
I've seem numerous device detection flaws with Andorid devces ( phone vrs tablets ). Detection is not 100% fool-proof imho.
Than with any thing http a user-agent switcher will flaw the detection.
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.