Fortinet black logo

Handbook

Device monitoring

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:331921
Download PDF

Device monitoring

The FortiGate can monitor your networks and gather information about the devices operating on those networks. Collected information includes:

  • MAC address
  • IP address
  • Operating system
  • Hostname
  • User name
  • How long ago the device was detected and on which FortiGate interface

You can go to User & Device > Device Inventory to view this information. Mouse-over the Device column for more details.

Depending on the information available, the Device column lists the Alias or the MAC address of the device. For ease in identifying devices, Fortinet recommends that you assign each device an Alias.

Device monitoring is enabled separately on each interface. Device detection is intended for devices directly connected to your LAN ports. If enabled on a WAN port, device detection may be unable to determine the operating system on some devices. Hosts whose device type cannot be determined passively can be found by enabling active scanning on the interface.

You can also manually add devices. This enables you to ensure that a device with multiple interfaces is displayed as a single device.

To configure device monitoring
  1. Go to Network > Interfaces.
  2. Edit the interface that you want to monitor devices on.
  3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.
  4. Select OK.
  5. Repeat steps 2 through 4 for each interface that will monitor devices.
To assign an alias to a detected device or change device information
  1. Go to User & Device > Device Inventory and edit the device entry.
  2. Enter an Alias such as the user’s name to identify the device.
  3. Change other information as needed.
  4. Select OK.
To add a device manually
  1. Go to User & Device > Custom Devices & Groups.
  2. Select Create New > Device.
  3. Enter the following information:

    • Alias (required)
    • MAC address
    • Additional MACs (other interfaces of this device)
    • Device Type
    • Optionally, add the device to Custom Groups.
    • Optionally, enter Comments.
  4. Select OK.

The Device Inventory page uses charts to summarize and quickly filter list pages. The charts include the number of devices in each sub-category, which you can use to drilldown for more detail.

Custom avatars for custom devices

You can upload an avatar for a custom device. The avatar is then displayed in the GUI wherever the device is listed, such as FortiView, log viewer, or policy configuration. To upload an avatar image,click Upload Image on the New Device or Edit Device page of User & Device > Custom Devices & Groups. The image can be in any format your browser supports and will be automatically sized to 36 x 36 pixels for use in the FortiGate GUI.

Device offline timeout

A device is considered offline if it has not sent any packets during the timeout period. The timeout can be set to any value from 30 to 31 536 000 seconds (365 days). The default value is 300 seconds (5 minutes). The timer is configurable in the CLI:

config system global

set device-idle-timeout 300

end

Device organization, device categories, and device types

A second level of organization shows device category (except for device types not listed below). The categories, along with the devices that belong to those categories, include:

Category

Devices

Android

Android Phone, Android Tablet

BlackBerry

BlackBerry Phone, BlackBerry Playbook

Fortinet

Fortinet Device, FortiCam, FortiFone

iOS

iPad, iPhone

Windows

Windows PC, Windows Phone, Windows Tablet

Syntax

config user device

edit <category>

set category [none | android-device | blackberry-device | fortinet-device | ios-device | windows-device]

next

end

Device monitoring

The FortiGate can monitor your networks and gather information about the devices operating on those networks. Collected information includes:

  • MAC address
  • IP address
  • Operating system
  • Hostname
  • User name
  • How long ago the device was detected and on which FortiGate interface

You can go to User & Device > Device Inventory to view this information. Mouse-over the Device column for more details.

Depending on the information available, the Device column lists the Alias or the MAC address of the device. For ease in identifying devices, Fortinet recommends that you assign each device an Alias.

Device monitoring is enabled separately on each interface. Device detection is intended for devices directly connected to your LAN ports. If enabled on a WAN port, device detection may be unable to determine the operating system on some devices. Hosts whose device type cannot be determined passively can be found by enabling active scanning on the interface.

You can also manually add devices. This enables you to ensure that a device with multiple interfaces is displayed as a single device.

To configure device monitoring
  1. Go to Network > Interfaces.
  2. Edit the interface that you want to monitor devices on.
  3. In Networked Devices, turn on Device Detection and optionally turn on Active Scanning.
  4. Select OK.
  5. Repeat steps 2 through 4 for each interface that will monitor devices.
To assign an alias to a detected device or change device information
  1. Go to User & Device > Device Inventory and edit the device entry.
  2. Enter an Alias such as the user’s name to identify the device.
  3. Change other information as needed.
  4. Select OK.
To add a device manually
  1. Go to User & Device > Custom Devices & Groups.
  2. Select Create New > Device.
  3. Enter the following information:

    • Alias (required)
    • MAC address
    • Additional MACs (other interfaces of this device)
    • Device Type
    • Optionally, add the device to Custom Groups.
    • Optionally, enter Comments.
  4. Select OK.

The Device Inventory page uses charts to summarize and quickly filter list pages. The charts include the number of devices in each sub-category, which you can use to drilldown for more detail.

Custom avatars for custom devices

You can upload an avatar for a custom device. The avatar is then displayed in the GUI wherever the device is listed, such as FortiView, log viewer, or policy configuration. To upload an avatar image,click Upload Image on the New Device or Edit Device page of User & Device > Custom Devices & Groups. The image can be in any format your browser supports and will be automatically sized to 36 x 36 pixels for use in the FortiGate GUI.

Device offline timeout

A device is considered offline if it has not sent any packets during the timeout period. The timeout can be set to any value from 30 to 31 536 000 seconds (365 days). The default value is 300 seconds (5 minutes). The timer is configurable in the CLI:

config system global

set device-idle-timeout 300

end

Device organization, device categories, and device types

A second level of organization shows device category (except for device types not listed below). The categories, along with the devices that belong to those categories, include:

Category

Devices

Android

Android Phone, Android Tablet

BlackBerry

BlackBerry Phone, BlackBerry Playbook

Fortinet

Fortinet Device, FortiCam, FortiFone

iOS

iPad, iPhone

Windows

Windows PC, Windows Phone, Windows Tablet

Syntax

config user device

edit <category>

set category [none | android-device | blackberry-device | fortinet-device | ios-device | windows-device]

next

end