Description
This article shows the 'device detection' changes.
Solution
In FortiOS 6.0.x, the 'device detection' feature contains multiple sub-components, which are independent.
1) Visibility – Detected information is available for topology visibility and logging.
2) FortiClient endpoint compliance – Information learned from FortiClient can be used to enforce compliance of those endpoints.
3) Mac-address-based device policies – Detected devices can be defined as custom devices, and then used in device-based policies.
In 6.2, these functionalities have changed:
1) Visibility – Configuration of the feature remains the same as FortiOS 6.0, including FortiClient information.
2) FortiClient endpoint compliance – A new fabric connector replaces this, and aligns it with all other endpoint connectors for dynamic policies. For more information, see Dynamic Policy - FortiClient EMS (Connector) in the FortiOS 6.2.0 New Features Guide.
3) MAC-address-based policies – A new address type is introduced (MAC address range), which can be used in regular policies. The previous device policy feature can be achieved by manually defining MAC addresses, and then adding them to regular policy table in 6.2. For more information, see MAC Addressed-Based Policies in the FortiOS 6.2.0 New Features Guide.
If 'device policies' in 6.0.x were used, migrate these policies to the regular policy table manually after upgrade. After upgrading to 6.2.0:
1) Create MAC-based firewall addresses for each device.
2) Apply the addresses to regular IPv4 policy table.
In 6.4.0, device detection related GUI functionality has been relocated:
1) The 'device section' has moved from User & Authentication (formerly User & Device) to a widget in Dashboard.
2) The email collection monitor page has moved from Monitor to a widget in Dashboard.
