Device detection changes
In FortiOS 6.0.x, the device detection feature contains multiple sub-components, which are independent:
- Visibility – Detected information is available for topology visibility and logging.
- FortiClient endpoint compliance – Information learned from FortiClient can be used to enforce compliance of those endpoints.
- Device-based policies – Device type/category and detected devices/device groups can be defined as custom devices, and then used in device-based policies.
In 6.2, these functionalities have changed:
- Visibility – Configuration of the feature remains the same as FortiOS 6.0, including FortiClient information.
- FortiClient endpoint compliance – A new fabric connector replaces this, and aligns it with all other endpoint connectors for dynamic policies. For more information, see Dynamic Policy - FortiClient EMS (Connector) in the FortiOS 6.2.0 New Features Guide.
- Mac-address-based policies – A new address type is introduced (Mac Address Range), which can be used in regular policies. The previous device policy feature can be achieved by manually defining MAC addresses, and then adding them to regular policy table in 6.2. For more information, see MAC Addressed-Based Policies in the FortiOS 6.2.0 New Features Guide.
If you were using device policies in 6.0.x, you will need to migrate these policies to the regular policy table manually after upgrade. After upgrading to 6.2.0:
- Create MAC-based firewall addresses for each device.
- Apply the addresses to regular IPv4 policy table.