Web Filtering - Device OS not recognized / device-specific authentication not working

I wonder if you may have found a bug.   Have you opened a support case yet?

I have a small number of cell phones allowed on my network, so I parsed several days of log files to see if I could find them.   So far, I only see entries with device=0.  But I do not yet have a formal test with a specific phone on a known IP browsing a specific website.   I may pursue that in a few days.

Are you getting a UA string that indicates the phone browser identity was captured?   I have not yet found one, so my results may still be meaningless.

Running 9.506-2

Hi Douglas,

"feels" like a bug :)

DouglasFoster said:

 

Are you getting a UA string that indicates the phone browser identity was captured?   I have not yet found one, so my results may still be meaningless.

Running 9.506-2

 

Provided a snippet of the log where you can see slightly some windows machines which provide correct os and browser information.

The i-devices do the same. But they aren´t categorized.

As i have read the instructions this should be the case all along... :-/

Greez Marc

ok... now i provided...

What version of iOS is this device running? Has it been upgraded to iOS 12 recently?

Hello guys,

i have the same issure with the UTM Version 9.506 and IOS 12.1

How it is with the 9.510 or 9.6?

Does anyine know how devuce detection works?  I am guessing it parses the useragent text, but support level 1 did not know.

Also, I established that device data is only captured when device-specific authentication is enabled, but you already have that set.

Does anyine know how devuce detection works?  I am guessing it parses the useragent text, but support level 1 did not know.

Also, I established that device data is only captured when device-specific authentication is enabled, but you already have that set.

Device detection uses a combination of TCP packet signatures and other factors. User-agent is used as a secondary factor where TCP signatures do not provide enough information.

TCP packet signatures have the advantage of being able to determine very quickly on every connection and work even on encrypted (SSL/TLS/HTTPS) traffic. But User-agent is only visible for HTTP traffic, not HTTPS. Where we are relying on secondary factors that cannot be evaluated on every flow, we rely more heavily on storing/caching device information on a per-IP basis, which can sometimes lead to incorrect assessments persisting.

A major area where TCP signatures are not distinct enough is with recent versions of Apple's operating systems. User-agent is critical right now for distinguishing between iOS and MacOS.

Thx, RichBaldry for the for the detailed explanation.
So i activate for Macos and Ios to the same device-specific authentication ;-)