Technical Tip: 'Device detection-related' labels have been modified

btey · ‎05-10-2021

Description
The device detection-related labels have been modified. This affects control parts, such as 'device-based' firewall policies, captive portals, and access lists.
The unit discovery system uses new tagging and types.

Solution
The following CLI commands have been removed:

# config user device
# config user device-access-list
# config user device-category
# config user device-group
# config firewall policy
   edit 1
        set devices
   next
end
# config firewall policy6
   edit 1
        set devices
   next
end

Special notes (Upgrading from FortiOS 6.0 to 6.2):

All custom units and unit groups not being used in a firewall policy prior to upgrading will not be retained after upgrading.

To configure a unit or unit group after upgrading from CLI:

# config firewall policy
    edit 1
        set name "p1"
        set uuid 6eaeef92-7db1-51e9-4b73-6701d7749026
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "_upg_devgrp_grp1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set fsso disable
        set nat enable
    next
end
# config firewall addrgrp
    edit "_upg_devgrp_grp1"
        set uuid 97274902-8887-51e9-ca99-732d3cb9adbe
        set member "_upg_dev_dev1@00:08:e3:ed:35:16"
        set visibility disable
    next
end
# config firewall address
    edit "_upg_dev_dev1@00:08:e3:ed:35:16"
        set uuid 97274b64-8887-51e9-7a02-2efee81068cb
        set type mac
        set start-mac 00:08:e3:ed:35:16
        set end-mac 00:08:e3:ed:35:16
        set visibility disable
    next
end