Network Discovery

If your Firebox runs Fireware OS v11.11 or higher and the feature key includes an active subscription to the Network Discovery feature, you can use the Dashboard > Network Discovery page to see a tree map view of all the devices on your network that are connected to the interfaces on your Firebox. You can see this detailed information for each connected device:

  • IP address
  • MAC address
  • Host name
  • Operating system
  • Open ports
  • Device type (for devices found by Mobile Security)

Network Discovery is only supported on Firebox M Series, T Series, FireboxV, and XTMv devices.

When you enable the Network Discovery feature on your Firebox, the process load increases and consumes additional memory. This could noticeably affect the performance of your Firebox, particularly if you have a large network. Make sure to only enable the Network Discovery feature if you plan to use it. To help minimize the performance impact on your Firebox, we recommend that you configure the Network Discovery Scan settings to only scan the networks that you must monitor.

See Devices on Your Network

The Network Map is organized by interface, in a tree map. Interfaces are on the first level, subnets are on the second level, and devices are on the third level. Each interface can have several subnets.

The connections between interfaces, subnets, and devices are indicated by the branch lines of the tree map. If there are distant network connections to your network, they appear at the last level, behind a device, as a dotted line. The dotted line indicates that there could be more than one connection between the device directly connected to your network and the endpoints.

Screenshot of the network map

Run a Scan

To see the devices on your network, if you are logged in to your Firebox with Device Administrator credentials, you can run a scan that finds all the devices connected to your network. You can schedule a scan to run automatically, or run an on-demand scan. Scan times can vary based on network conditions, which can include the size of your network, how many hosts are active, and how many services are enabled. On-demand scans take longer to complete than scheduled scans.

An on-demand scan has three stages:

  • Quick Host discovery phase — Finds basic information about each device to organize the interfaces and connected devices in the map
  • TCP and OS phase — Finds more detailed information, such as the TCP port and the OS on the device
  • UDP and Service Version phase — Finds the UDP port and service versions

To schedule a scan, configure the Network Scan settings, which specify the interfaces that are included in the scan and at what frequency the scan runs.

For more information about how to configure scheduled scan settings or run an on-demand scan from the Network Scan page, see Network Discovery.

To run an on-demand scan from the Network Discovery page:

  1. At the top-right of the Network Discovery page, click Scan Now.
    The Scan Now dialog box appears.

Screenshot of the Scan Now dialog box

  2. From the drop-down list, select a scan option:
  3. If you selected Scan the following interfaces, select the check box for each interface to scan.
    If you selected Scan the following networks, type each network to scan and click Add.
  4. Click Scan.
    The Firebox runs the network scan.

To stop an on-demand scan before it completes:

At the top-right of the page, click Stop Scan.

See Scan Details

While the network scan runs, you can view the details of the progress of the scan. Details include:

To see scan details:

  1. At the top-right of the page, click Show Details.
    The Scan Details dialog box appears.

Screenshot of the Scan Details dialog box

  2. Review the details of the current scan.
  3. Click OK.

After the network scan has completed, the devices appear in the Network Map and Devices List tabs. Devices remain in the map and list until they are removed because:

  • A new on-demand or scheduled scan does not find the device
  • No on-demand or scheduled scan has run for seven days
  • No traffic was found for a mobile device for more than two hours; a mobile device is removed from the map after seven days with no response

Use the Network Map

After a manual or scheduled scan has completed, you can use the Network Map to see all the devices connected to your network and see details about each connected device.

Zoom In and Out

You can use your mouse wheel to zoom in and out on the Network Map.

Screenshot of network map with zoom to fit button

Click Nodes to Expand the Map

You can click each node in the map to expand it and see the connections to that node.

Screenshot of the network map

Zoom to Fit

You can change the zoom of the expanded Network Map so all nodes and devices are visible on the page.

Screenshot of the Network map tab with zoom to fit button

Reset the Map View

When the map nodes are expanded, you can reset the map to the initial collapsed view.

Screenshot of the network map with reset view button

To reset the map view, click Reset View.

The map view returns to the original view, which shows only the interfaces, networks, and idle devices.

Review the Device List

On the Device List tab, you can see all of the devices connected to your network in a list.

Screenshot of the Device List tab

The list includes this information for each device:

  • Status — The status of the device at the last scan and, if available, a scan details indicator icon.
    • Green Cross icon — The device was found on the network the last time it was scanned.
    • Green Dot icon — The device has sent traffic in the last two hours.
    • Yellow Dot icon — The device has not sent traffic in the last two hours.
    • If Mobile Security is enabled, and the device was discovered by a Mobile Security scan, a device-specific icon appears.
  • Device — The name of the device. If the device name cannot be detected, a host name or IP address appears in this column.
  • IP Address — The IP address of the device.
  • Device Type — The type of device. For a mobile device, the type of mobile device appears, such as Android or iPhone. If the device type is not available, this column is empty.
  • OS Version — The OS version on the device.
  • Last Seen — The last time the device was online when a scan occurred.
  • Approved — Whether the device has been designated as approved. When you edit the device details, you can specify whether a device is approved. An Approved Device remains in the Network Map when it is offline. Offline devices that are approved appear in the Idle Devices branch of the Network Map.

View Device Details

You can see the details for a device from the Network Map tab or from the Device List tab.

  1. From the Network Map tab, place your cursor over the device.
    The device information dialog box appears.

Screenshot of the network map with Android device

Example of an Android device

From the device information dialog box, you can quickly see the basic device details. You can also open FireWatch or Traffic Monitor to see details about the device connections, or click Remember Device to edit the device information.

Screenshot of network map with Windows laptop device

Example of a Windows laptop device

Screenshot of the network map with device found by a network scan

Example of a device found by a network scan

To see the full details for the device, from the Network Map tab, click the device.

From the Device List tab, select the row of a device and click View.
Or, in the Device column, click the device name.

Screenshot of the Device List tab

The Details page appears for the device.

Screenshot of the Details page for the device

Example of the Details page for an Android device

Screenshot of the Details page for a Windows laptop device

Example of the Details page for a Windows laptop device

Screenshot of the Details page for a device found by a network scan

Example of the Details page for a device found by a network scan

The details that appear depend on the type of device and can include:

  • Host Name — The host name of the device
  • IP Address — The IP address of the device
  • MAC Address — The MAC address of the device
  • Device Type — The type of device, such as Android, iPhone, or Windows. If the device type is not available, this line is empty
  • OS Version — The OS version on the device
  • Last Seen — The last time the device was online when a scan occurred
  • Discovered By — The scan type that detected the device

  2. To see which groups the device is a member of, select the Device Groups tab.
    The list of groups appears.

Screenshot of the Device Groups page for an Android device

Example of the Device Groups page for an Android device

Screenshot of the Device Groups page for a Windows laptop device

Example of the Device Groups page for a Windows laptop device

Screenshot of the Network Discovery Device Groups tab

Example of the Device Groups page for a device found by a network scan

  3. To see details about which ports the device used to connect to the network, select the Scanned Port tab.
    The Scanned Port tab only appears if the device was discovered by a network scan.

Screenshot of the Scanned Port tab

The details that appear for each port include:

  • Port — The port number.
  • Protocol — The protocol in use on the port. For example, TCP or UDP.
  • State — The current state of the port.
  • Service — The name of the service in use on the port.
  • Version — The version of the service. This appears only if it is detected.

Edit Device Details and Forget a Device

To make it easier to identify those devices that often appear in the Network Map, you can edit the details for the devices in the map to add a name and a description. You can also specify whether a device is an Approved Device. An Approved Device remains in the Network Map when it is offline. Offline devices that are approved appear in the Idle Devices branch of the Network Map. The details you specify for a device are saved in the device configuration file for your Firebox.

You can edit the device details from the device information dialog box or from any of the device Details pages. For an approved device, you can change the device details that you specified, or forget the device so it is no longer approved.

To edit the device details for a device that is not approved:

  1. Click Remember Device.

Screenshot of the Remember Device button on the device information dialog box

Example of the Remember Device button on the device information dialog box.

Screenshot of the Remember Device button on the Details page

Example of the Remember Device button on the Details page.

The Edit Device dialog box appears.

Screenshot of the Edit Device dialog box

  2. In the Name text box, the name from the device automatically appears. You can type a new, friendly name to help you identify the device.
  3. In the Description text box, type a brief description of the device.
  4. To specify that the device is approved, and enable it to appear in the Idle Devices branch when it is offline, select the Approved Device check box.
  5. Click OK.

When you select to remember a device, the Edit and Forget buttons appear in the device information dialog box and on the details page in place of the Remember Device button. If you selected to approve the device, the Approved Device label appears below the device icon.

Screenshot of the device information dialog box with Edit and Forget Device buttons

Example of the device information dialog box with the Edit and Forget Device buttons.

Screenshot of the Network Discovery Details with the Forget Device button

Example of the device Details page with the Edit and Forget Device buttons.

To change the details you specified for a device:

  1. From the device information dialog box or the device Details page, click Edit.
    The Edit Device dialog box appears.

Screenshot of the Edit Device dialog box

  2. Modify the settings.
  3. Click OK.

You can also remove the approved status of a device so it no longer appears in the Idle Devices branch.

To remove the approved status from a device:

  1. From the device information dialog box, or the device Details page, click Forget Device.

Screenshot of the Forget Device confirmation dialog box

  2. Click Yes.

Search for Devices

You can search the network map to find devices that match the parameters that you specify. When you run a search, the map is updated to include only the devices that match your search parameters.

To run a search:

  1. At the top of the Network Discovery page, click Search.
    The Search dialog box appears.

Screenshot of the Search dialog box

  2. From the Search for devices by drop-down list, select a search category.
    The search parameters that appear depend on the category you select.
  3. Select the parameters for the search.
    The available search parameters are included in the Search Parameters List.
  4. Click OK.
    The network map is updated to include only the devices that match the search parameters you specified.

Search Parameters List

Search Category — Search Parameters

  • Approval Status — Approved Status:
    • Approved Device
    • Non-Approved Device
  • Compliance Status — Compliance Check:
    • Passed
    • Failed
    • Unknown
  • Device Name — Type the mobile device name. You can type all or part of the device name.
  • Device Status
    • New Device
    • Updated Device
    • FireClient Connected
    • FireClient Disconnected
    • Sent traffic in the last 2 hours
    • No traffic sent in the last 2 hours
  • Device Type
    • Android Device
    • Android Phone
    • Android Tablet
    • iOS Device
    • iPad
    • iPhone
    • Undefined
  • Discovered By
    • Network Scanning
    • DHCP Detection
    • Exchange Monitoring
    • HTTP Detection
    • SSL VPN Detection
    • IKE Detection
    • Mobile Security
  • FireClient UUID — Type the UUID number of the FireClient on the mobile device. You can type all or part of the UUID number.
  • Host Name — Type the host name of the mobile device. You can type all or part of the host name.
  • IP Address — Type the IP address of the mobile device. You can type all or part of the IP address.
  • Known/Unknown Status — Known or Unknown Status:
    • Known Device
    • Unknown Device
  • Last Seen
    • Last seen after — Type or select a date
    • Last seen before — Type or select a date
  • MAC Address — Type the MAC address of the mobile device. You can type all or part of the MAC address.
  • Open Port — Type the port used for the mobile device connection. You can type all or part of the port number.
  • OS Version — Type the OS version on the mobile device. You can type all or part of the OS version.
  • User Name — Type the user name associated with the mobile device. You can type all or part of the user name.
