One of the features available on WatchGuard’s T- and M-series devices is Network Discovery. This feature scans the interfaces on your firewall to determine which devices are connected to them. With it, you can gather information about your network devices, such as their MAC address, Host Name, and operating system.
Network Discovery is included in the Basic Security Suite package for T- and M-series firewalls, and is available as long as your device is running firmware version 11.11 or later.
Accessing Network Discovery
Network Discovery is available for use through the WatchGuard Web UI. You can access your firewall’s web interface by navigating to https://<IP of Firewall>:8080. Then, you will need to log in with your admin/config account.
Once logged into your firewall’s web interface, look for Network Discovery under Dashboard on the left navigation menu.
Performing a Network Discovery Scan
Next, you will need to enable the Network Discovery feature. Select the Enable Network Discovery link, and then check the box for Enable Network Discovery.
Once Network Discovery is enabled, there are two ways that you can start the scan. The first is to select the Scan Now option. Then select the interface you would like to scan.
The second is to select the interface you would like to scan, and then choose a recurring scan schedule.
Reviewing Scan Results
Depending on the number of devices on your network, your Network Discovery scan may take some time to complete. Once the scan finishes, you will be able to see a map of the interface you chose to monitor.
You can click on the network that was scanned, and you will see a break-out of the devices that were identified.
If you hover over a device that was found, you will see more details on it, including the IP address, MAC address, and Host Name.
If you click on Remember Device, you can mark this as a trusted device.
Gathering Further Details on Devices
Once your scan is complete, you can click on the Device List tab to see all of the devices that have been scanned.
If you select a device and click the View Device option, you can see more detail about it. You will first see the option to view the device in FireWatch or Traffic Monitor, which lets you easily monitor the traffic for this particular machine.
If you select the Scanned Ports tab, you can see the ports that the scan found open on the device. You can use this information to determine if there are points in your network that need to be secured.
Being aware of the devices on your network is always important in securing your environment. If you do not currently have the Basic Security Suite or need assistance in ensuring your device’s firmware is up to date, contact us.