Feature Request - Better Identification of Unidentified Devices on Reports

Might be a little more effort than you're wanting to exert but a solution to this is to utilize DHCP-MAC Reservations in your DHCP Server and configure clientless users based on IP if your current infrastructure doesn't support a domain environment. Another alternative to STAS is Central Sync, Heartbeat will allow you to identify a user and it's associated IP address if you have a dynamic shared space environment where a user isn't necessarily tied to a particular machine...

Just some ideas! 

Let's think about this, if the Sophos is the DHCP server it already has all of the information needed to identify a client it is leasing an address to. It has the MAC, it can usually get the host name, and obviously it knows the IP address. How hard would it be for Sophos to create a script that takes that info and automatically creates a clientless profile for that machine? Maybe we could have that as a checkbox or radio button on the DHCP page, Automatically create clientless profile? Y/N? Some machines such as servers never have anyone logged in so they are never identified in reports. Same holds true for other devices like cell phones, printers, IP cameras,  IoT devices. It isn't the known devices we are worried about, it is the unknown. When I see a large amount of traffic in my reports coming from "Unidentified" that is rather disconcerting on a device that touts itself as "identity based". The XG should try to get as much identity information as possible and present what it knows to the user, we should not have to go digging for information we know is there and easily accessible.

Hi JTB,

some of the issue is that the DHCP server is not used by all functions within the XG, in fact not all objects are accessible from all the points you would expect to seem them eg you have to re-creatre objects to use in some firewall rules.

One day when Sophos finally decide to make a common objects database within XG, creating rules and reports will be a lot more sensible as well as easier. This issue is an ongoing issue/concern for many users of the XG.

Ian

I agree on the idea. The problem is the missing links between different pgres tables. Information is there but tables are not linked.

Reporting and logging are already ver slow and I think that without a re-engineering process, they are struggling to add more references. This is my point of view.

Try to export iphosts from export feature and you will see how slow is the export. You wait for more than 2 minutes for an xml file compressed in tar.

For sure, Sophos need to optimise the resources before adding layers and layers and features on it.

Hi Luk,

"For sure, Sophos need to optimise the resources before adding layers and layers and features on it."

Wasn't that why they bought Cyberoam instead of improving the UTM because it was becoming bloated with so many features that worked and customers wanted?

Ian

Hi Luk,

"For sure, Sophos need to optimise the resources before adding layers and layers and features on it."

Wasn't that why they bought Cyberoam instead of improving the UTM because it was becoming bloated with so many features that worked and customers wanted?

Ian