Fortinet black logo

New Features

Configuring the Purdue Level for discovered assets based on detected interface

Copy Link
Copy Doc ID 41a91d6d-9b7f-11ed-8e6d-fa163e15d75b:980949
Download PDF

Configuring the Purdue Level for discovered assets based on detected interface

Note

This information is also available in the FortiOS 7.4 Administration Guide:

The default Purdue Level can be set or unset in the CLI (default-purdue-level) within the system interface configuration. The default Purdue Level can be applied to discovered assets based on the interface with which they were detected. This feature requires a FortiGuard Industrial Security Service (ISS) license on the FortiGate so the Industrial Database (ISDB) can be used. Device identification must be enabled on interfaces connected to OT devices.

config system interface
    edit <name>
        set device-identification enable
        set default-purdue-level {1 | 1.5| 2 | 2.5| 3 | 3.5 | 4 | 5 | 5.5}
    next
end

By default, the default-purdue-level value is 3. If the asset's Purdue Level is manually overridden, then it takes precedence over this default value set in the interface.

Example

In this example, the default Purdue Level on port1 is changed to 3.5. Subsequently, the Purdue Level of a detected device on port1 is manually changed to 4 on the Asset Identity Center page. After the manual change on the device, the Purdue Level remains at 4.

To configure the default Purdue Level:
  1. Configure the interface settings:

    config system interface
        edit "port1"
            set device-identification enable
            set default-purdue-level 3.5
        next
    end
  2. Verify that the Purdue Level as been updated in the user device store list:

    # diagnose user-device-store device memory list
    
    Record #1:
    
            device_info
                    'ipv4_address' = '192.168.1.64'
                    'mac' = '**:**:**:**:**:**'
                    'hardware_vendor' = 'Dell'
                    'hardware_type' = 'Home & Office'
                    'hardware_family' = 'Computer'
                    'vdom' = 'root'
                    'os_name' = 'Windows'
                    'os_version' = '10 / 2016'
                    'last_seen' = '1680115135'
                    'host_src' = 'mwbs'
                    'unjoined_forticlient_endpoint' = 'false'
                    'is_online' = 'true'
                    'active_start_time' = '1680113976'
                    'dhcp_lease_status' = 'leased'
                    'dhcp_lease_expire' = '1680651757'
                    'dhcp_lease_reserved' = 'false'
                    'dhcp_server_id' = '2'
                    'is_fortiguard_src' = 'true'
                    'purdue_level' = '3.5'
                    ...
  3. Go to Security Fabric > Asset Identity Center and select the Asset Identity List tab. The device's Purdue Level is currently 3.5.

  4. Manually change the device's Purdue Level:

    1. Select the device and hover over the Purdue Level value.

    2. Click the pencil icon to edit the level.

    3. Select 4 and click Apply.

  5. Verify that the Purdue Level as been updated in the user device store list:

    # diagnose user-device-store device memory list
    
    Record #1:
    
            device_info
                    'ipv4_address' = '192.168.1.64'
                    'mac' = '**:**:**:**:**:**'
                    'hardware_vendor' = 'Dell'
                    'hardware_type' = 'Home & Office'
                    'hardware_family' = 'Computer'
                    'vdom' = 'root'
                    'os_name' = 'Windows'
                    'os_version' = '10 / 2016'
                    'last_seen' = '1680115467'
                    'host_src' = 'mwbs'
                    'unjoined_forticlient_endpoint' = 'false'
                    'is_online' = 'true'
                    'active_start_time' = '1680113976'
                    'dhcp_lease_status' = 'leased'
                    'dhcp_lease_expire' = '1680651757'
                    'dhcp_lease_reserved' = 'false'
                    'dhcp_server_id' = '2'
                    'is_fortiguard_src' = 'true'
                    'purdue_level' = '4'
                    ...

Configuring the Purdue Level for discovered assets based on detected interface

Note

This information is also available in the FortiOS 7.4 Administration Guide:

The default Purdue Level can be set or unset in the CLI (default-purdue-level) within the system interface configuration. The default Purdue Level can be applied to discovered assets based on the interface with which they were detected. This feature requires a FortiGuard Industrial Security Service (ISS) license on the FortiGate so the Industrial Database (ISDB) can be used. Device identification must be enabled on interfaces connected to OT devices.

config system interface
    edit <name>
        set device-identification enable
        set default-purdue-level {1 | 1.5| 2 | 2.5| 3 | 3.5 | 4 | 5 | 5.5}
    next
end

By default, the default-purdue-level value is 3. If the asset's Purdue Level is manually overridden, then it takes precedence over this default value set in the interface.

Example

In this example, the default Purdue Level on port1 is changed to 3.5. Subsequently, the Purdue Level of a detected device on port1 is manually changed to 4 on the Asset Identity Center page. After the manual change on the device, the Purdue Level remains at 4.

To configure the default Purdue Level:
  1. Configure the interface settings:

    config system interface
        edit "port1"
            set device-identification enable
            set default-purdue-level 3.5
        next
    end
  2. Verify that the Purdue Level as been updated in the user device store list:

    # diagnose user-device-store device memory list
    
    Record #1:
    
            device_info
                    'ipv4_address' = '192.168.1.64'
                    'mac' = '**:**:**:**:**:**'
                    'hardware_vendor' = 'Dell'
                    'hardware_type' = 'Home & Office'
                    'hardware_family' = 'Computer'
                    'vdom' = 'root'
                    'os_name' = 'Windows'
                    'os_version' = '10 / 2016'
                    'last_seen' = '1680115135'
                    'host_src' = 'mwbs'
                    'unjoined_forticlient_endpoint' = 'false'
                    'is_online' = 'true'
                    'active_start_time' = '1680113976'
                    'dhcp_lease_status' = 'leased'
                    'dhcp_lease_expire' = '1680651757'
                    'dhcp_lease_reserved' = 'false'
                    'dhcp_server_id' = '2'
                    'is_fortiguard_src' = 'true'
                    'purdue_level' = '3.5'
                    ...
  3. Go to Security Fabric > Asset Identity Center and select the Asset Identity List tab. The device's Purdue Level is currently 3.5.

  4. Manually change the device's Purdue Level:

    1. Select the device and hover over the Purdue Level value.

    2. Click the pencil icon to edit the level.

    3. Select 4 and click Apply.

  5. Verify that the Purdue Level as been updated in the user device store list:

    # diagnose user-device-store device memory list
    
    Record #1:
    
            device_info
                    'ipv4_address' = '192.168.1.64'
                    'mac' = '**:**:**:**:**:**'
                    'hardware_vendor' = 'Dell'
                    'hardware_type' = 'Home & Office'
                    'hardware_family' = 'Computer'
                    'vdom' = 'root'
                    'os_name' = 'Windows'
                    'os_version' = '10 / 2016'
                    'last_seen' = '1680115467'
                    'host_src' = 'mwbs'
                    'unjoined_forticlient_endpoint' = 'false'
                    'is_online' = 'true'
                    'active_start_time' = '1680113976'
                    'dhcp_lease_status' = 'leased'
                    'dhcp_lease_expire' = '1680651757'
                    'dhcp_lease_reserved' = 'false'
                    'dhcp_server_id' = '2'
                    'is_fortiguard_src' = 'true'
                    'purdue_level' = '4'
                    ...