Device Insight Feature for USG FLEX/ATP/VPN Series

From FW Version 5.10 onwards, we implemented the feature Device Insight.

Device Insights give you more visibility of your networks including wired, wireless, BYOD,
and IoT devices. You can create an access policy with devices contextual such as OS version or
device category to enforce network segmentation. This reduces the attack surface and
prevents threats from spreading. This also helps SMB(s) reduce time spent on
the investigation.

Let's have a look on how to enable and use the Device Insights feature.

 

1. Device Insight setup

2. How to check the recognized devices and taking actions on them

3. How to use Device Insight in the policy control rules

 

1. Device Insight setup

You can find the settings for Device Insight under:

Configuration -> Object -> Device Insight.

Here you have the possibility to enable the function and add several profiles.

To enable the feature, tick the Enable section and click Apply:insight1.png

 

Here you can also create Profiles so they can be used in the related configuration such as the policy control, to allow the access only based on the device type(s). To add a profile, go to the Profile management section and click the Add button. Now you can give the profile a name and choose the Category and Operating System (you can choose more then one per Category and Operating System):insight2.png

For example purpose in this article, we add Computers as Category and Windows as Operating System and a NAS  with Media Player and Others as Category and Linux as Operating System:

PC:

insight3.png

NAS:

insight8.png

 

2. How to check the recognized devices and taking actions on them

Once the Device Insight feature is enabled, you can now check the device which are connected to the USG FLEX/ATP/VPN device under the page

Monitor -> Network Status -> Device Insight 

insight7.png

 

Here you can take some actions to block/unblock the access of the device(s) to the network or provide feedback about a categorization detected for the device. The actions are explained as follow:

Block device from List:

From here you can add specific devices to the block list, mark the device and click on the "Add to Block List" button:

insight6.png

The device will shown as blocked now:insight5.png

 

Unblock Device from List:

To unblock the device mark it and click the "Remove from Block List" button:insight4.pngThe device will be shown again as online now:

Insight12.png

 

Feedback:

You can raise a feedback to us about a device being wrongly categorized so this can be corrected in a timely manner.

Select a device from the list and hit the button "Feedback", a pop-up windows will appear where you will see the current device information and the expected information can then be input:

mceclip1.png

 

Once OK is clicked, the feedback will be sent to our development team directly. Then your feedback will be reviewed and modified once verified.

mceclip0.png

 

3. How to use Device Insight in the policy control rules

Additional to that you can use the Device Insight Profile in the Security Policies as mentioned in section #1. Once the profile has been created, go into the page:

Go to Configuration -> Security Policy -> Policy Control 

Edit an existing or add a new rule and add your "Device Insight" profile:insight9.png

The Security Policy allow only communication to the public for the "Test_Insight" profile devices, the "NAS_Insight" devices will be blocked by Default Rule:Insight11.png

Monitor -> Logs:

Isight11.png

Articles in this section

Was this article helpful?
2 out of 2 found this helpful
Share

Comments

0 comments

Please sign in to leave a comment.