FortiGate
hrahuman_FTNT
Article Id 193215

Description

 

This article explains why devices are sometimes not identified properly and how to troubleshoot the identification.
Sometimes an incorrect device name is visible in the device inventory even though the MAC address is correct.

FortiGate uses different methods to identify devices and gather information about them.
This information is extracted from different protocols as traffic passes through the FortiGate.
The device name is therefore not necessarily the hostname of the device.

Solution
 
Possible problems that might be encountered with device identification:

1) Only one MAC address for all devices is shown

Check to see whether there is a Layer 3 device (router or L3 switch) between the FortiGate and client workstations.
Device identification in FortiOS is based on the MAC address, so if the FortiGate is unable to see the client's MAC address, identification will not work.
If clients are not on the same network as the FortiGate, use agent-based device authentication (FortiClient).

2) Device identification is not complete

The FortiGate may not have enough information to identify the device.
For example, if only ICMP is forwarded through the FortiGate, then the OS version can't be verified.
Alternate test: try sending some HTTP traffic through the FortiGate and see whether the device is now identified properly.

The following CLI command can be used for device identification troubleshooting:

 

#diagnose user device list                     <----- List all recognized hosts.
 
It shows the list of all hosts recognized by the FortiGate.
Depending on the network, the output contains the following information:
vd 0  00:23:d4:55:45:00  gen 8  req 0  redir 0  last 18s  port1
ip 172.18.1.14  ip6 fe40::9420:9560:1dcf:8e16
type 8 'Windows PC'  src dhcp  c 1  gen 3
os 'Windows'  version ''  src dhcp  id  24  c 1
host 'TEST-PC'  src dhcp
user 'testuser' src forticlient
endpoint 2
   
The output above shows the device IP and MAC address, device type, OS version, hostname and user (if identified), and which traffic was the source (src) of each identification.
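An added example, not part of the original article and not Fortinet code: a Python parser for the `diagnose user device list` output that records the source (src) of each identified attribute and lists which fields are still missing for each MAC address. The field layout is assumed from the single sample above; `parse_devices`, `missing_fields` and the second sample record are constructed for illustration.

```python
import re

# Constructed sample in the layout of the output above; the second record is
# made up to show a host for which only a MAC address and an IP were learned.
SAMPLE = """\
vd 0  00:23:d4:55:45:00  gen 8  req 0  redir 0  last 18s  port1
ip 172.18.1.14  ip6 fe40::9420:9560:1dcf:8e16
type 8 'Windows PC'  src dhcp  c 1  gen 3
os 'Windows'  version ''  src dhcp  id  24  c 1
host 'TEST-PC'  src dhcp
user 'testuser' src forticlient
endpoint 2
vd 0  00:11:22:33:44:55  gen 4  req 0  redir 0  last 5s  port2
ip 10.0.0.20
"""

# Assumption: every record starts with "vd <n> <mac> ... <interface>".
HEADER = re.compile(r"^vd\s+(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b.*\s(\S+)\s*$", re.I)
ATTR = re.compile(r"^(type|os|host|user)\s+(?:\d+\s+)?'([^']*)'"
                  r"(?:\s+version\s+'([^']*)')?\s+src\s+(\S+)")
WANTED = ("type", "os", "os_version", "host")

def parse_devices(text):
    """Split the listing into one dict per 'vd ...' record."""
    devices = []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            devices.append({"vd": int(m.group(1)), "mac": m.group(2).lower(),
                            "port": m.group(3), "ip": None, "attrs": {}})
            continue
        if not devices:
            continue  # ignore anything before the first record
        dev = devices[-1]
        if line.startswith("ip "):
            dev["ip"] = line.split()[1]
            continue
        m = ATTR.match(line)
        if m:
            name, value, version, src = m.groups()
            dev["attrs"][name] = (value, src)  # (learned value, source protocol)
            if version is not None:
                dev["attrs"]["os_version"] = (version, src)
    return devices

def missing_fields(dev):
    """Fields that were never learned or were learned as an empty string."""
    return [f for f in WANTED if not dev["attrs"].get(f, ("", ""))[0]]
```

For the first record, `missing_fields` returns only `os_version`, which matches the empty `version ''` in the sample; a record with nothing but a MAC address and an IP is the case where more traffic, such as HTTP, needs to pass through the FortiGate.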
Additionally, there is one more way to resolve an incorrect identification:

- The detected device can be deleted so that the FortiGate detects it again.

- The following CLI command deletes a device by its MAC address:

 

diagnose user device del <mac>
<mac>    MAC address (xx:xx:xx:xx:xx:xx)
