Created on 09-05-2019 06:16 AM Edited on 03-18-2024 04:48 AM By Jean-Philippe_P
Description
This article describes the case when the device Profiling Rule using DHCP Fingerprint method does not match when a rogue host first connects. However, the rule matches the second time the host is evaluated (either by re-running the rule or deleting the host from Hosts -> Host View and reconnecting).
This behavior can occur if the DHCP fingerprint is not received before the host is evaluated by the rule. Once the DHCP fingerprint containing the hostname is received, it is saved in the database. Since the information is now available, the host will match upon re-evaluation.
Increase 'serviceGracePeriod' to allow more time to receive a fingerprint.
Related Articles:
Technical Note: View DHCP Fingerprint information received from the production network
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.