Terminal identification
This help contains the following topics:
  ◦ Workflow
· Configure terminal identification
  ◦ Configure an object group for terminal identification
  ◦ Configure the terminal identification whitelist
Introduction
When terminal traffic passes through the device, the device performs the following tasks:
· Analyzes and extracts the terminal information, such as the vendor, model, and MAC address of the terminal.
· Generates a log when a terminal is identified for the first time or the terminal information changes.
Basic concepts
Terminal
You can predefine terminals in the device characteristics library to identify the terminal characteristics.
To enable terminal identification, select Objects > APP Security > Terminal Identification > Terminals, and then click Enable terminal identification logging.
Terminal group
You can add terminals sharing similar characteristics to a terminal group. The device can provide the same DPI service for packets of the same terminal group.
Object group for terminal identification
You can configure object groups for accurate terminal address identification. The device supports the following address object groups:
· Terminal address object group—A set of terminal IP addresses. If the packet source or destination IP address matches this group, the source or destination IP address is the terminal IP address.
· Manager address object group—A set of terminal manager IP addresses. If the packet source or destination IP address matches this group, the destination or source IP address is the terminal IP address.
Terminal identification whitelist
The device permits the traffic of a terminal if the IP address of the terminal is in the terminal identification whitelist. Otherwise, the device drops the traffic of the terminal. The terminal identification whitelist supports the following actions:
· Permit—Permits the traffic of a terminal all the time.
· Block—Drops all traffic of a terminal once the terminal information changes.
Operating mode
Terminal identification supports the following operating modes:
· Alarm—In this mode, the system permits traffic of all terminals. When the system identifies a terminal for the first time or detects a terminal information change, it sends a log message to the user. This mode is applicable to scenarios that do not have strict security requirements.
· Whitelist—In this mode, the system permits traffic of only terminals in the whitelist. When the system detects a terminal information change, it sends a log message to the user. This mode is applicable to scenarios that have strict security requirements.
To set an operating mode, select Objects > APP Security > Terminal Identification > Terminals, click Operating mode, and select an operating mode.
Workflow
Terminal identification works as follows:
· Alarm mode—The system identifies each terminal and permits traffic of all terminals. When the system detects a terminal for the first time or detects that the information about an existing terminal changes, the system sends a log message.
· Whitelist mode
a. The system identifies each terminal and checks whether the IP address of each terminal (including terminals classified into the other category) is in the whitelist. An unidentifiable terminal is classified into the other category.
b. If the IP address of a terminal is not in the whitelist, the system drops the traffic of the terminal. If the IP address of a terminal is in the whitelist, the system checks whether the terminal information has changed. If the terminal information has not changed, the system permits the traffic.
c. If the terminal information has changed, the system sends a log message and checks whether the whitelist action is permit.
d. If the whitelist action is permit, the system permits the traffic. Otherwise, the system drops the traffic.
Restrictions and guidelines
In whitelist mode with the block action, the system drops traffic of a terminal in the whitelist when the terminal comes online for the first time. To permit the traffic of the terminal, click Approve for the terminal.
If you configure both a manager address object group and a terminal address object group, the manager address object group has higher priority.
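The address-group resolution, the two operating modes, and the restrictions above can be modelled together. The following is an added example, not the device's own code. All names are hypothetical. It assumes that Approve accepts the terminal's current information, that first-time identification is logged in both modes (per the Introduction), and that terminals outside the whitelist are not tracked.

```python
import ipaddress

def in_group(ip, group):
    """True if ip falls inside any network of an address object group."""
    return any(ipaddress.ip_address(ip) in ipaddress.ip_network(n) for n in group)

def terminal_ip(src, dst, manager_group, terminal_group):
    """Pick the terminal end of a packet; the manager group is checked first."""
    if in_group(src, manager_group):
        return dst                      # the peer of a manager is the terminal
    if in_group(dst, manager_group):
        return src
    if in_group(src, terminal_group):
        return src
    if in_group(dst, terminal_group):
        return dst
    return None                         # neither group matched

class TerminalIdentification:
    def __init__(self, mode, whitelist=(), action="permit"):
        self.mode, self.whitelist, self.action = mode, list(whitelist), action
        self.known = {}                 # terminal IP -> last identified info
        self.approved = set()           # IPs an administrator clicked Approve for

    def approve(self, ip):
        # Assumption: Approve accepts the terminal's current information.
        self.approved.add(ip)

    def handle(self, ip, info):
        """Return (verdict, log_reason) for traffic of an identified terminal."""
        if self.mode == "whitelist" and not in_group(ip, self.whitelist):
            return "drop", None         # step b: IP is not in the whitelist
        previous = self.known.get(ip)
        self.known[ip] = info
        if previous is None:
            log = "first-seen"
        else:
            log = "changed" if previous != info else None
        if self.mode == "alarm" or self.action == "permit":
            return "permit", log        # alarm mode, or step d with permit
        # Whitelist mode with the block action: a new or changed terminal
        # stays dropped until it is approved (Restrictions and guidelines).
        if log is not None:
            self.approved.discard(ip)
        return ("permit" if ip in self.approved else "drop"), log
```

With the block action, a changed terminal keeps being dropped on later packets even though no further log is produced, so the single "changed" log message is the event to alert on.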
Configure terminal identification
Configure a terminal group
1. Click the Objects tab.
2. In the navigation pane, select APP Security > Terminal Identification > Terminal Groups.
3. Click Add.
4. Select terminals from the Available Terminals pane and click Select to add them to the terminal group.
Configure an object group for terminal identification
1. Click the Objects tab.
2. In the navigation pane, select APP Security > Terminal Identification > Terminals.
3. Click Configure object groups for terminal identification.
4. Configure a manager address object group or a terminal address object group, or configure both of them.
Configure the terminal identification whitelist
1. Click the Objects tab.
2. In the navigation pane, select APP Security > Terminal Identification > Terminals.
3. Click Operating mode.
4. Select Whitelist, and specify an action.
5. Click OK.
6. Click Configure object groups for terminal identification.
7. Configure a terminal address object group.