Has anyone enabled the " Detect and Identify Devices" feature on interfaces to try filtering by device type? Does it work? Do you have to let detection occur for a time before filtering starts?
We' re a large school district with some 50 sites going through our FG3600 to get out on the Internet. CPU utilization isn' t bad, but memory is upwards of 60%. We' re a Windows shop for the most part, with Active Directory deployed everywhere. We' ve integrated AD with the FG, and divided users into five main groups. This has worked out great for AD-capable devices.
Not so good for non-AD-capable devices, like iPads and Kindles. And these devices are joining the wireless network by the hundreds. Apple is apparently just giving iPads away so users will have to go to iTunes to buy apps. And therein lies part of the problem.
We can' t just allow everyone access to iTunes because there is a lot of educationally irrelevant, objectionable, and borderline pornographic content available there. We' ve set up special wireless networks for iPads and Kindles, but there' s no guarantee that the network key won' t get passed around. It already has, in fact. So we have a situation where kids join the IPADAIRDATA network with their school-issued wireless laptops so they can get to iTunes and other sites in that category that would ordinarily be inaccessible to them based on their AD credentials.
That' s why I find the Filter by Device capability in V5 so interesting. If it actually works, then any device that is not an iPad should not be able to use the associated web filter for iPads.
Has anyone used this feature yet? I' d really like to know.