From FW Version 5.10 onwards, we implemented the feature Device Insight.
Device Insights give you more visibility of your networks including wired, wireless, BYOD,
and IoT devices. You can create an access policy with devices contextual such as OS version or
device category to enforce network segmentation. This reduces the attack surface and
prevents threats from spreading. This also helps SMB(s) reduce time spent on
the investigation.
Let's have a look on how to enable and use the Device Insights feature.
2. How to check the recognized devices and taking actions on them
3. How to use Device Insight in the policy control rules
1. Device Insight setup
You can find the settings for Device Insight under:
Configuration -> Object -> Device Insight.
Here you have the possibility to enable the function and add several profiles.
To enable the feature, tick the Enable section and click Apply:
Here you can also create Profiles so they can be used in the related configuration such as the policy control, to allow the access only based on the device type(s). To add a profile, go to the Profile management section and click the Add button. Now you can give the profile a name and choose the Category and Operating System (you can choose more then one per Category and Operating System):
For example purpose in this article, we add Computers as Category and Windows as Operating System and a NAS with Media Player and Others as Category and Linux as Operating System:
PC:
NAS:
2. How to check the recognized devices and taking actions on them
Once the Device Insight feature is enabled, you can now check the device which are connected to the USG FLEX/ATP/VPN device under the page
Monitor -> Network Status -> Device Insight
Here you can take some actions to block/unblock the access of the device(s) to the network or provide feedback about a categorization detected for the device. The actions are explained as follow:
Block device from List:
From here you can add specific devices to the block list, mark the device and click on the "Add to Block List" button:
The device will shown as blocked now:
Unblock Device from List:
To unblock the device mark it and click the "Remove from Block List" button:The device will be shown again as online now:
Feedback:
You can raise a feedback to us about a device being wrongly categorized so this can be corrected in a timely manner.
Select a device from the list and hit the button "Feedback", a pop-up windows will appear where you will see the current device information and the expected information can then be input:
Once OK is clicked, the feedback will be sent to our development team directly. Then your feedback will be reviewed and modified once verified.
3. How to use Device Insight in the policy control rules
Additional to that you can use the Device Insight Profile in the Security Policies as mentioned in section #1. Once the profile has been created, go into the page:
Go to Configuration -> Security Policy -> Policy Control
Edit an existing or add a new rule and add your "Device Insight" profile:
The Security Policy allow only communication to the public for the "Test_Insight" profile devices, the "NAS_Insight" devices will be blocked by Default Rule:
Monitor -> Logs:
Comments
0 commentsPlease sign in to leave a comment.