FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
FortiKoala
Staff
Article Id 190897
Description
Devices take longer than expected to become registered automatically by Device Profiler.




Scope
Version: 8.x

Solution
When a rogue device record is created, the device is evaluated against the active Device Profiling rules. The device is evaluated against each rule until a “fail” or “pass” result is reached. If the information required for a rule takes a long time to retrieve, the evaluation is delayed. For more information on functionality, see the Device Profiler Configuration reference manual in the Fortinet Document Library.

Rules requiring TCP/IP information: delays occur for rogues in networks without L3 polling enabled. To troubleshoot L3 polling, see the related KB article below.

Methods requiring TCP/IP information
Location
Active
HTTP/HTTPS
IP Range
SNMP
SSH
TCP
Telnet
UDP
WinRM
WMI Profile
Passive
Persistent Agent


Rules requiring DHCP Fingerprint information: delays occur when DHCP traffic is not received in time. See the related KB article below.

Method requiring DHCP Fingerprint information
DHCP Fingerprinting


Diagnose:
Enable debug to view rule evaluation activity.

1.  Enable ActiveFingerprint debug.  In the Control Server CLI, type:
CampusMgrDebug -name ActiveFingerprint true

2.  Tail the output.nessus log.  In the Application Server CLI, type:
tail -F /bsc/logs/output.nessus | tee <filename>.txt

3.  Connect a new host to the network.

4.  Type CTRL-C to stop tail.
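
To see where rule evaluation stalls in the capture from steps 2 to 4, each line can be stamped with its arrival time and the longest waits between consecutive lines listed. This is an added example, not Fortinet code: the function names `stamp`, `gaps` and `sample_capture` and the sample lines are constructed, and it assumes a shell with awk, sort and `date +%s` in the CLI while assuming nothing about the log's own format.

```bash
#!/usr/bin/env bash
# Added example (not Fortinet code). Function names are hypothetical.
# Real use, in place of step 2, then after CTRL-C (capture.txt is an example name):
#   tail -F /bsc/logs/output.nessus | stamp | tee capture.txt
#   gaps 5 < capture.txt

# stamp: prefix every line read from stdin with its arrival time (epoch seconds).
stamp() {
    while IFS= read -r line; do
        printf '%s %s\n' "$(date +%s)" "$line"
    done
}

# gaps [MIN]: read stamped lines on stdin and list every wait of at least MIN
# seconds (default 5) between consecutive lines, longest first.
# Output columns (tab-separated): seconds waited, line number, line after the wait.
gaps() {
    awk -v min="${1:-5}" '
        NR > 1 && ($1 - prev) >= min { printf "%d\t%d\t%s\n", $1 - prev, NR, $0 }
        { prev = $1 }
    ' | sort -rn
}

# Constructed sample of stamped output; the text after each timestamp is a
# placeholder and does not reproduce the real output.nessus format.
sample_capture() {
    cat <<'EOF'
1700000000 constructed line 1
1700000001 constructed line 2
1700000043 constructed line 3
1700000044 constructed line 4
1700000051 constructed line 5
EOF
}

# Demo on the constructed sample: lists the 42 s and 7 s waits.
sample_capture | gaps 5
```

The lines printed just before and after the longest wait show which rule or method the evaluation was waiting on.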




Related Articles

Technical Note: Troubleshooting Poll failures

Technical Note: DHCP Fingerprint Profiling Rule does not match upon initial connection
