ManoelMartins
Article Id 306673
Description

This article describes how to fix a wrong user shown on the Device Inventory Monitor or Asset Identity Center.
Scope

IoT signature, FortiGuard servers, FortiOS v7.2.4, WAD service.

Lab scenario:

Users: user1 and user2
Station: PC01

Asset-user1.png

Solution

In the context of Device Inventory, device detection is enabled on an interface; from that interface FortiGate collects information from the stations and exchanges messages with the FortiGuard servers to combine the data and build a database of the detected devices.

For example: the vendor associated with the MAC address, the operating system, and so on.

Fortinet also offers a service, the IoT Security Solution, that provides more granular and detailed ways to protect these devices.

When device detection is enabled on the interface, only information about the stations is exchanged with the FortiGuard servers. When a user authenticates to get access to the network, the user login is linked to the station at the moment of authentication through the WAD process, as the images below from this lab show:

User login

invent user2.png

asset user2.png

Now, if another user (user1) logs in on the same station (PC01) and goes back to the Device Inventory Monitor (or Asset Identity Center), user2 remains linked instead of changing to user1, as is visible in the next image:

user1 login.png

invent user2.png

This happens because user2 is still in the WAD cache. Even if the cache is cleared, or WAD is stopped gracefully (*option 98), or all WAD worker processes are restarted (*option 97), that is not enough to unlink the previous user. The WAD service must be restarted with the following commands:

diagnose debug enable
diagnose test application wad 91

Or:

fnsysctl killall wad

Or restart the firewall.

After the WAD restart, the user must log in again so that the new login is registered in the cache.
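The following FortiOS CLI sequence is an added example for the lab scenario above; it is not part of the original article. It brings the pieces together in one place: device identification enabled on the interface facing the stations, the detected devices and authenticated users checked before the WAD restart, the restart itself, and the check repeated after user1 logs in again. The interface name port2 is an assumption for this lab, and the article does not state which diagnose commands it used for verification; `diagnose user device list` (detected devices) and `diagnose firewall auth list` (authenticated users with their source IP) are standard FortiOS diagnostics used here to observe the before/after state.

```fortios
# Added example for the lab scenario (not from the article).
# "port2" is an assumed interface name for the LAN facing PC01.

# 1. Device detection must be enabled on the interface facing the stations
#    so that FortiGate can collect station information and query FortiGuard.
config system interface
    edit "port2"
        set device-identification enable
    next
end

# 2. List the detected devices. PC01 should appear with its MAC address,
#    vendor and operating system once traffic from it has been seen.
diagnose user device list

# 3. List the currently authenticated users and their source IPs. While the
#    problem is present, the entry for PC01's IP still shows user2 even
#    after user1 has logged in there.
diagnose firewall auth list

# 4. Restart the WAD service so the stale cache entry for user2 is dropped
#    (options 97 and 98 are not sufficient, as described above).
diagnose debug enable
diagnose test application wad 91

# 5. Have user1 log in again on PC01, then repeat the check: the entry for
#    PC01 should now be linked to user1 in Device Inventory and here.
diagnose firewall auth list
```

Run the configuration part once per interface where stations are to be inventoried; the diagnose commands are read-only and can be repeated freely while observing the change.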


Ref:

* Options 98 and 97:

wad debug options.png


Related documents:

Technical Tip: Overview of WAD process structure

Technical Tip: Find and restart/kill a process on a FortiGate by the process ID (PID) via pidof

IoT detection service