FortiGate
Debbie_FTNT (Staff)
Article Id 196826

Description
This article expands upon the FortiGate new feature guide here:
https://docs.fortinet.com/document/fortigate/6.4.0/new-features/200740/implement-a-user-device-store...

It describes in more detail how to configure devices manually in version 6.4 and which other options are available after the changes introduced in that version.

Solution
FortiOS 6.4 introduced sweeping changes to how FortiGate handles devices and device management.

1) Device inventory, viewing connected units and interacting with them.

Device Inventory, along with the Monitor and FortiView sections, was consolidated into dashboard widgets in firmware version 6.4.
The Device Inventory widget is available by default on the 'Users & Devices' dashboard, but can be added to other dashboards as well.
Hovering over the widget and expanding it opens a full-screen list of the individual devices currently connected.

Selecting a device entry offers filtering options and lets you apply an existing policy, or create a new one, for that device.

Hovering over the device name instead opens a small pop-up from which a Device Address can be created or the associated IP address banned.


2) Device Objects.

In firmware version 6.2, devices were created under the 'User & Devices' section; in version 6.4 that section is named 'User & Authentication' and no longer holds device objects.
Device objects are instead firewall address objects of type 'Device (MAC)' and are created with an associated MAC address under 'Policy & Objects'.
They can be used as sources in firewall policies in the same way as any other firewall address.


Note.
In 6.2 and lower, devices were treated similarly to users/groups: a connecting host had to satisfy both the source-address condition and the device condition to match a policy.
This is no longer the case. The device is itself treated as an address, so a connecting host only needs to satisfy one of the source-address entries (for example the expected device MAC address OR the expected IP address).
Policies carried over from 6.2 that list both an IP address object and a device should therefore be reviewed: they now match on either condition and may be broader than originally intended.
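The following CLI configuration is an added example and is not taken from the article or from Fortinet documentation. It shows the 6.4 equivalent of what the GUI creates: a firewall address of type MAC and a policy that uses it as a source. The object names, interface names, policy ID, subnet and MAC address are assumptions chosen for illustration.

```fortios
# Added example, not from the original article. Names, interfaces,
# policy ID and the MAC address are assumed values for illustration.
config firewall address
    # Device (MAC) address: matches on the source MAC of the connecting host
    edit "Printer-MAC"
        set type mac
        set macaddr "00:11:22:33:44:55"
    next
    # Ordinary subnet address for comparison
    edit "Office-LAN"
        set type ipmask
        set subnet 192.168.10.0 255.255.255.0
    next
end

config firewall policy
    edit 10
        set name "Printer-to-Internet"
        set srcintf "port2"
        set dstintf "port1"
        # Only the MAC-based address is listed, so only that device matches.
        set srcaddr "Printer-MAC"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set nat enable
    next
end
```

If the source list were instead `set srcaddr "Printer-MAC" "Office-LAN"`, any host in 192.168.10.0/24 would match the policy regardless of its MAC address, because in 6.4 each source entry is an alternative rather than an additional condition. To restrict a policy to a single device by MAC, list only the MAC-based address. Note also that a MAC-based address can only match where the FortiGate sees the host's own source MAC, i.e. on a directly connected layer-2 segment; for traffic arriving through another router the source MAC belongs to that router.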


