Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
justin_zhan
New Contributor

Created on ‎04-14-2025 07:37 PM Edited on ‎04-14-2025 07:39 PM

FortiEMS Mass USB Whitelist: Fix Same-Brand VID/PID Variations

Hello, everyone. I have a question. The client ZTNA has 1,500 terminals, and each terminal may have two USB mobile devices. The client's requirement is to release them in a whitelist manner. However, with so many mobile terminals, the workload is a bit large. For the mice of the same brand purchased in the same batch, information such as USB Type, Vendor ID, Product ID, and Firmware Revision is still different.

EMS_USB.png

USB1.png

I have several questions:

Question 1: Is there any way to avoid manual entry one by one? The workload is too large.

Question 2: Can the whitelist be released based on a certain brand? For example, HP and Dell mice, Panasonic USB drives.

Question 3: For the control of such a large - number of mobile external USB devices, are there any other good suggestions?

References:

https://community.fortinet.com/t5/FortiClient/Technical-Tip-How-to-properly-identify-USB-devices-to-... 

                                                                                                                                                                       

                                                                                                                                                               Thank you all.

Labels:
395
0 Kudos
1 Solution
david_pereira
Staff & Editor
Staff & Editor

Created on ‎04-30-2025 07:21 AM

Good morning justin_zhan,

 

Hope you are well.

 

For sure, let me help you with your questions.

 

Question 1: Is there any way to avoid manual entry one by one? The workload is too large.

A: If you have different vendors, you will need to allow one by one or allow a Class instead.

https://docs.fortinet.com/document/forticlient/7.4.3/ems-administration-guide/447132/malware-protect...

 

Question 2: Can the whitelist be released based on a certain brand? For example, HP and Dell mice, Panasonic USB drives.

A: Yes, you can also use the Vendor ID, that should be the same.

 

Question 3: For the control of such a large - number of mobile external USB devices, are there any other good suggestions?

A: You can allow per Class, like HID, which stands for Human Interface Devices, that are Keyboards, Mice, Controllers and etc...

 

Hope this helps.

 

Have a great day!

TAC Engineer

View solution in original post

248
0 Kudos
3 REPLIES 3
Stephen_G
Moderator
Moderator

Created on ‎04-17-2025 07:35 AM

Hello justin_zhan,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Thanks,

Stephen - Fortinet Community Team
355
0 Kudos
Stephen_G
Moderator
Moderator

Created on ‎04-22-2025 05:03 AM

Hello,

 

We are still looking for an answer to your question.

 

We will come back to you ASAP.

 

Thanks,

Stephen - Fortinet Community Team
314
0 Kudos
david_pereira
Staff & Editor
Staff & Editor

Created on ‎04-30-2025 07:21 AM

Good morning justin_zhan,

 

Hope you are well.

 

For sure, let me help you with your questions.

 

Question 1: Is there any way to avoid manual entry one by one? The workload is too large.

A: If you have different vendors, you will need to allow one by one or allow a Class instead.

https://docs.fortinet.com/document/forticlient/7.4.3/ems-administration-guide/447132/malware-protect...

 

Question 2: Can the whitelist be released based on a certain brand? For example, HP and Dell mice, Panasonic USB drives.

A: Yes, you can also use the Vendor ID, that should be the same.

 

Question 3: For the control of such a large - number of mobile external USB devices, are there any other good suggestions?

A: You can allow per Class, like HID, which stands for Human Interface Devices, that are Keyboards, Mice, Controllers and etc...

 

Hope this helps.

 

Have a great day!

TAC Engineer
249
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.