Hello,
When I register smartphones via dot1x auto registration, devices appear in the host view as "registered hosts." This is OK; it gets the job done. However, I couldn't find a way to modify the device type other than manually editing the host and setting it manually.
When a user has multiple devices (phones, tablets, PC, etc..) This creates a bit of complexity in the host view.IT admins have to sort things out manually for multiple devices with the same registered user.
I tried to find a way around by using device profiling rules for iPhones and Androids by vendor name and DHCP fingerprint and confirming the device rule on connect. But it didn't work. (I know this profiling is for rogue devices; an already registered device would not hit this rule, but I tried anyway.)
Here is the question, Is there a way to change the device type automatically after dot1x registration?
It would be great to have Androids and iPhones sorted out with their icons and device types at the host view.
This is tested at FNAC 9.2, 9.4 early releases and FNAC-F 7.2.7.
Solved! Go to Solution.
You need to check in endoint fingerprint the source that provides the OS: Android or IoS. With automatic registration it is Radius Access request used as source for the fingerprint. It provides no Info on OS.
I believe DHCPv4 will update the correct device type once you register it again.
User & Hosts -> Endpoint Fingerprints -> Set Source Rank, it is possible to rearrange rank and enable/disable 'update registered' option for each fingerprint source.
Check this article: https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Track-rogue-host-profiling-data-through-E...
You need to check in endoint fingerprint the source that provides the OS: Android or IoS. With automatic registration it is Radius Access request used as source for the fingerprint. It provides no Info on OS.
I believe DHCPv4 will update the correct device type once you register it again.
User & Hosts -> Endpoint Fingerprints -> Set Source Rank, it is possible to rearrange rank and enable/disable 'update registered' option for each fingerprint source.
Check this article: https://community.fortinet.com/t5/FortiNAC-F/Technical-Tip-Track-rogue-host-profiling-data-through-E...
Thank you Sx11,
As you stated ranks was the solution. DHCP option was disabled for source ranking it directly worked.
Best Regards.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.