Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Chris_Rowan
New Contributor

Filtering by device

Has anyone enabled the " Detect and Identify Devices" feature on interfaces to try filtering by device type? Does it work? Do you have to let detection occur for a time before filtering starts? We' re a large school district with some 50 sites going through our FG3600 to get out on the Internet. CPU utilization isn' t bad, but memory is upwards of 60%. We' re a Windows shop for the most part, with Active Directory deployed everywhere. We' ve integrated AD with the FG, and divided users into five main groups. This has worked out great for AD-capable devices. Not so good for non-AD-capable devices, like iPads and Kindles. And these devices are joining the wireless network by the hundreds. Apple is apparently just giving iPads away so users will have to go to iTunes to buy apps. And therein lies part of the problem. We can' t just allow everyone access to iTunes because there is a lot of educationally irrelevant, objectionable, and borderline pornographic content available there. We' ve set up special wireless networks for iPads and Kindles, but there' s no guarantee that the network key won' t get passed around. It already has, in fact. So we have a situation where kids join the IPADAIRDATA network with their school-issued wireless laptops so they can get to iTunes and other sites in that category that would ordinarily be inaccessible to them based on their AD credentials. That' s why I find the Filter by Device capability in V5 so interesting. If it actually works, then any device that is not an iPad should not be able to use the associated web filter for iPads. Has anyone used this feature yet? I' d really like to know. Regards, Chris Rowan Brownsville, TX
----- Chris Rowan Instructional Technology Brownsville ISD Brownsville, TX
----- Chris Rowan Instructional Technology Brownsville ISD Brownsville, TX
3 REPLIES 3
ruanbatista
New Contributor

Hi Chris, I tested " Detect and Identify Devices" and it worked fine. On " Device Definition" shows all devices that pass through appliance, display the informations as SO, IP, MAC, Hostname. It display for you?
Information Security Consultant FCNSA Setrix Information Security Skype: ruan_diego
Information Security Consultant FCNSA Setrix Information Security Skype: ruan_diego
Adrian
New Contributor II

ruanbatista wrote:
Hi Chris, I tested " Detect and Identify Devices" and it worked fine. On " Device Definition" shows all devices that pass through appliance, display the informations as SO, IP, MAC, Hostname. It display for you?

Did you have to make any changes to the L3 switch on the LAN to allow this ? For some odd reason, mine only detects the switch itself (a Brocade ICX) and 1 random device on the LAN. That's it. No more no less. No matter what I try, it only detects those 2.

 

Thanks for any insight,

 

Adi

Flyshuffle

Adrian wrote:

 

Did you have to make any changes to the L3 switch on the LAN to allow this ? For some odd reason, mine only detects the switch itself (a Brocade ICX) and 1 random device on the LAN. That's it. No more no less. No matter what I try, it only detects those 2.

 

Thanks for any insight,

 

Adi

Adrian - Have you had any luck resolving this? I am experiencing the same thing. I enabled the Detect and Identify Devices feature on an interface in hopes to identifying Apple devices. Under Device Definitions I see two devices, and that is it. It is almost like there is a subscription or something where you get two devices free and have to purchase a license for more?

 

Thanks!

 

 

Top Kudoed Authors