NOTE: This feature requires an IoT Detection Service license.
Starting in FortiOS 6.4, FortiSwitch units can use a new FortiGuard service to identify Internet of Things (IoT) devices. FortiOS can store and display the identified devices. You can use the FortiOS CLI to configure IoT detection.
Each detected MAC address of an IoT device has a confidence level assigned to it. If the confidence level is less than the iot-weight-threshold value, the MAC address is scanned. The default value is 1. Set the iot-weight-threshold value to 0 to disable IoT detection.
You can control how often a FortiSwitch unit scans for IoT devices. The range of values is 2 to 10,080 minutes. By default, the scan interval is 60 minutes. Every MAC address will be scanned for a time interval of 60 minutes followed by 60 minutes when it will not be scanned. The start time of every MAC address's 60-minute scan interval is unique. Set the iot-scan-interval value to 0 to disable IoT detection.
A MAC address of an IoT device must be detected by the FortiSwitch unit for more than a specified number of minutes before the MAC address is passed along to the FortiGuard service for IoT identification. The default number of minutes is 5. The range of values is 0 to 10,080 minutes. Set the iot-holdoff value to 0 to disable this setting.
If a MAC address entry's last-seen time is greater than the iot-mac-idle value, the MAC address entry is not considered for IoT detection. By default, the iot-mac-idle value is 1,440 minutes. The range of values is 0 to 10,080 minutes.
config switch-controller system
    set iot-weight-threshold <0-255>
    set iot-scan-interval <2-10080>
    set iot-holdoff <0-10080>
    set iot-mac-idle <0-10080>
end
Starting in FortiOS 6.4.3, IoT detection can be managed per FortiLink interface as well. IoT detection is disabled by default on the FortiLink interface. Use the FortiOS CLI or GUI to enable IoT detection on the FortiLink interface so that the FortiSwitch unit starts scanning for IoT devices.
- Go to WiFi & Switch Controller > FortiLink Interface.
- Enable IoT scanning.
config system interface
    edit <FortiLink_interface>
        set switch-controller-iot-scanning enable
    next
end
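To check whether IoT detection is actually active, both the global settings and the per-interface setting above have to be read together, with the documented defaults applied to any value a configuration backup omits. The following Python audit is an added example, not Fortinet code: the sample configuration is constructed, the interface name "fortilink" is an assumption passed as a parameter, and the function names are hypothetical.

```python
# Defaults stated on this page (minutes, except the weight threshold).
DEFAULTS = {"iot-weight-threshold": 1, "iot-scan-interval": 60,
            "iot-holdoff": 5, "iot-mac-idle": 1440}

# Constructed sample in backup style: values left at their default are omitted.
SAMPLE = """config switch-controller system
    set iot-scan-interval 0
end
config system interface
    edit "fortilink"
        set vdom "root"
        config ipv6
            set ip6-mode static
        end
    next
end"""

def parse_blocks(text):
    """Top-level 'set' values as {config path: {edit name or None: {key: value}}}."""
    blocks, stack = {}, []
    for tok in (line.split() for line in text.splitlines() if line.strip()):
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "edit" and stack:
            stack[-1][1] = tok[1].strip('"')
        elif tok[0] == "set" and len(stack) == 1 and len(tok) >= 3:
            path, entry = stack[0]
            blocks.setdefault(path, {}).setdefault(entry, {})[tok[1]] = tok[2].strip('"')
        elif tok[0] == "next" and stack:
            stack[-1][1] = None
        elif tok[0] == "end" and stack:
            stack.pop()  # closes the innermost config block, nested ones included
    return blocks

def audit_iot_detection(text, fortilink_if="fortilink"):
    """Return (effective settings, findings). fortilink_if is an assumed name."""
    blocks = parse_blocks(text)
    raw = blocks.get("switch-controller system", {}).get(None, {})
    eff = {key: int(raw.get(key, default)) for key, default in DEFAULTS.items()}
    findings = [f"{key} is 0: IoT detection disabled"
                for key in ("iot-weight-threshold", "iot-scan-interval") if eff[key] == 0]
    iface = blocks.get("system interface", {}).get(fortilink_if, {})
    if iface.get("switch-controller-iot-scanning", "disable") != "enable":
        findings.append(f"IoT scanning not enabled on {fortilink_if}")
    return eff, findings

if __name__ == "__main__":
    print(audit_iot_detection(SAMPLE))
```

An empty findings list means neither global value is 0 and scanning is enabled on the named FortiLink interface.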