Device Insight.

kunz
kunz Posts: 32  Freshman Member
First Comment Friend Collector Third Anniversary

Very nice. But at times can be a problem. Device Insight at times has identified the device correctly, then later on identifies the device as something different.

I try my best to submit the device feedback, and it thanks me for submitting, but it still doesn’t recognize the device correctly.

Not sure what’s going on with the Device Insight Fingerprint Database, as it at times keeps changing its mind. Even after numerous feedbacks of the device type and kind.

I did try the, “delete the devices”, and then did the re-detect of the said devices after several days. It worked out for a while, then again changed its mind about the devices later on. Not as consistent as I would like it to be.

Although some devices have been constantly and correctly identified, which I’m very happy with, mostly APs.

When I first used this feature, it was really something that I liked. Love it that Device Insight + MAC Address/Static IP + Policy Control + etc. It’s just awesome. But when the Device Insight Fingerprint Database changes its mind, your devices will definitely get blocked with the Policy Control if you used it in tandem.

Honestly, it was a nightmare trying to figure out why devices lost connectivity. At first I thought it was the service provider, then maybe the device was disconnected from the AP, or the CDR was in effect…and on and on, troubleshooting, until finally I figured it out to be the “Device Insight” that was causing the problem.

Although, the thought did occur in my mind that maybe another device pretending to be the device was successful in connecting to the Access Point and that the Device Insight did its job of blocking the rogue device.

I hope the feature will improve further with time as it’s a really nice feature. I appreciate the feature.

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate 100 Answers
    Answer ✓

    @Loek I found that Fast Forwarding is enabled in your configuration, and it stops the service of Device Insight.
    Enabling Fast Forwarding is to the NAT/Routing/firewall performance, but the sessions will bypass scan & control for some features, Device Insight included.
    Please disable Fast Forwarding, re-enable Device Insight, reboot the device, and detect again.


All Replies

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee

    @kunz

    Thanks for your feedback on this feature.
    About the problem you encountered, could you provide more information for further checking?

    1. What kind or brand of devices encounter this problem more often? Could you provide an example that I can test too?
    2. For the incorrectly identified device, could you provide some screenshots? I would like to know the difference between correctly identified information and incorrect one.
    3. When you noticed that the host device was identified as a different device, is the device connected to the firewall in the same way that it could be identified correctly?

    If the screenshots include some sensitive Information, you may contact me through private message, thanks.

  • kunz
    kunz Posts: 32  Freshman Member

    Hi @Zyxel_James,

    My apologies for the delay, recently been out with some tasks.

    1. The brand of devices are mostly Apple devices. iPhones, iPads, MacBook. Some Linux devices. So far no issues with the Linux boxes. Initially they were detected correctly, like for example iPhone 8 Plus was detected correctly and up to now it is correctly identified by Device Insight. With the iPad and the MacBook, it was detected correctly, but later on, I'm not sure when, maybe a few days or weeks later on, one of the iPads is now detected as a Computer>macOS>10.15.7>Mac OS X, and so the device is blocked by the Policy Control/Device Insight. Even if I try to give feedback the situation does not change. I only wish that there was an override option similar to the "feedback feature", assuming the admin is really sure that it is the correct device that is the one that is connected, the admin could insist that it is the correct device, and maybe the Fingerprint Database would accept it? Maybe add value to the contribution to the Fingerprint Database? I am unsure if that is even a sound suggestion. Probably is a flawed suggestion. But in the worst case, and connectivity is needed I imagine that maybe most, will not just use the Device Insight feature. Not sure why or what causes the misidentification. Perhaps when the device gets an update from Apple or maybe the device identification got spoofed by an unauthorized/rogue device when the authorized device was offline or disconnected, as WiFi is really a problem at times. Burden of constantly changing WiFi password. Those were just my best guess as a possibility. Meanwhile the MacBook is identified now as an Others/Others/Apple HomePod which is wrong too.
    2. I'll message you some of the screenshots for your further reference.
    3. Yes, it was connected to the firewall at the time I discovered the incorrect identification. Yes, it could be correctly identified by me, but feedback won't accept the feedback as correct. Maybe an override option? But unsure if some prior time a rogue device may have connected while the Apple device was not online or disconnected. Thereby maybe causing the Fingerprint Database to change its identification of the said device? As I have been observing some attempts to connect to our WiFi, but so far they were successfully repelled by MAC Authentication and MAC Filtering. Maybe I'm just a bit too suspicious of the area as the WiFi is so hostile. I'm now in the process of trying to use the built-in RADIUS with creation of Users. Hoping to avoid the constant changing of the general WiFi password for every device. Also maybe a better approach overall?

    I hope that it helped somehow, I'll message the screenshots.

    Warm regards,

    Kunz

  • kunz
    kunz Posts: 32  Freshman Member

    One of the devices, iPad is not reflected in Monitor>Device Insight.

    But can be seen in Monitor>Wireless>Station Info>Station List as logged in, same with Monitor>Login User>Current User List. Will send you also the screenshot.

    Thanks

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee

    @kunz

    Sure, please send me the screenshots through private message. It would be helpful for further checking.

  • Loek
    Loek Posts: 10  Freshman Member
    First Comment Sixth Anniversary
    edited August 2023

    @kunz

    You said (quote): "I did try the, “delete the devices”, and then did the re-detect of the said devices after several days."

    How did you "re-detect"? Is there a way to force re-detection of devices after deleting them? I have deleted all entries in my Device Insight list, but after weeks (including two reboots), the list remains empty on my USG20 (Flex 50).

    Thx

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee

    @Loek The host is able to be re-detected after being removed. I just tested it on ATP200 v5.37.

    Please input the CLI "Router(config)# device_debug flush device-list", and re-enable the option of Device Insight and try again.

  • Loek
    Loek Posts: 10  Freshman Member
    edited August 2023

    Yeah, I had tried that too, but the list remains empty. Here are screen shots:

    I will give it another 24 hours, but I'm not hopeful. I'm running firmware V5.37(ABAQ.0)

  • kunz
    kunz Posts: 32  Freshman Member

    Hi @Loek,

    Mine was re-detected by the ATP on its own. No idea, if it’s a Zyxel device issue or the remote database of Device Insight.

    It’s a wonderful feature, but can block traffic unexpectedly if the remote database of Device Insight decides that your device is not what it thinks it is.

    Just an observation, I recently did a hard reset of both my ATP units, and upon reboot, I noticed that there were still remnant entries in the Device Insight. I think that’s not to be expected as everything else in the settings were reset.

    Nevertheless, I just delete the entries and the ATP re-detects them again after a while, maybe in 15-20min or less.

    I’m not sure if my input has helped your situation. Maybe a complete hardware reset?


    Regards,


    Kunz

  • Zyxel_James
    Zyxel_James Posts: 663  Zyxel Employee
    edited August 2023

    @Loek I would like to clarify the issue again. Please make sure your device is directly connected to the firewall because the identification might not be correct if the clients cross another router or layer 3 device.


    Does it only happen to specific devices? Or any devices won't be displayed on the Device Insight entry?
    I wonder if it's a display issue, please input CLI to check if there is any device insight entry: Router#show device info all

    Moreover, input CLI: Router#debug system ps | match "deviceid", I would like to check the result, thanks

  • Loek
    Loek Posts: 10  Freshman Member
    edited August 2023

    @Zyxel_James

    There is no other router in play here, only some (managed) switches, everything on the same subnet. The list was displaying fine until I removed all entries a while ago in an attempt to cleanup incorrect identifications.

    The results of the above commands on CLI:

    Router# show device info all
    Router# debug system ps | match "deviceid"
    8266 1 deviceid root ? 19 0 0.0 0.1 Sl 34164 2148 25944 8541 Aug 12 3-12:50:57 00:00:01 /usr/sbin/deviceid
    Router#

    @kunz

    With a hard reboot, do you mean just restarting the device, or a full reset to factory default?
