Discovering OT Assets and Vulnerabilities with FortiGate

Fortinet
05/08/2026

TL;DR

  • FortiGate firewalls can discover OT devices using MAC addresses, network traffic analysis, and FortiGuard database lookups without requiring additional discovery tools.
  • Device detection is enabled at the interface level and works across VLANs representing different Purdue model levels in industrial environments.
  • Enabling application control profiles adds vulnerability intelligence, automatically identifying CVEs associated with discovered hardware and software combinations.
  • The asset identity center provides both list and Purdue model views, with automatic device categorization that can be manually adjusted to match actual deployments.

OT Asset Discovery Challenges and FortiGate's Approach

Industrial control system environments present unique visibility challenges as they evolve organically over years or decades, accumulating devices from multiple vendors and generations—some with unpatched vulnerabilities. This demonstration walks through FortiGate's device detection capabilities in a simulated OT environment spanning multiple levels of the Purdue model. The setup pairs a FortiGate firewall with a FortiSwitch managed via FortiLink, creating VLANs for process, control, monitoring, and operations networks. Device detection is enabled at the interface level, allowing the firewall to identify assets through MAC addresses, residual traffic like ARP and DHCP, and FortiGuard database lookups.

Building Device Profiles with Application Control

The demonstration shows how enabling application control profiles on firewall policies significantly enriches device intelligence. By applying OT-specific application signatures and SSL certificate inspection, the FortiGate identifies not just device types but also known vulnerabilities—including specific CVEs for command injection and buffer errors on discovered hardware. The asset identity center displays devices arranged in a Purdue model view, automatically categorizing them by type and network location while allowing manual reassignment. Fortinet positions this combined discovery and security capability as a differentiator, noting that while specialized discovery tools exist, FortiGate uniquely integrates asset identification with industrial firewall controls and virtual patching capabilities.
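
The passive discovery and Purdue model view described in the two sections above can be sketched as follows. This is an added example, not Fortinet code and not how FortiGate implements the feature. The OUI table, VLAN IDs, VLAN-to-Purdue mapping and the function names `build_inventory` and `purdue_view` are assumptions made for illustration, and the observations are constructed.

```python
from collections import defaultdict

# Constructed sample data: OUIs and vendor names are illustrative, not real assignments.
OUI_VENDORS = {"02:00:5e": "ExamplePLC Corp", "02:00:5f": "ExampleHMI Ltd"}
# Assumed mapping of the demo's four VLANs (process, control, monitoring,
# operations) to Purdue levels; the page does not state VLAN IDs or levels.
VLAN_PURDUE = {10: 0, 20: 1, 30: 2, 40: 3}

# Constructed passive sightings: (vlan, mac, source, dhcp_hostname)
OBSERVATIONS = [
    (10, "02:00:5E:00:00:01", "arp", None),
    (10, "02:00:5e:00:00:01", "dhcp", "plc-line1"),  # same device, second source
    (20, "02:00:5F:00:00:07", "arp", None),
    (30, "0A:11:22:33:44:55", "dhcp", "hist-01"),    # OUI not in the table
    (99, "02:00:5E:00:00:09", "arp", None),          # VLAN with no Purdue mapping
]

def build_inventory(observations, overrides=None):
    """Merge sightings into one record per MAC, then apply manual level overrides."""
    assets = {}
    for vlan, mac, source, hostname in observations:
        mac = mac.lower()  # normalise so ARP and DHCP sightings merge
        rec = assets.setdefault(mac, {
            "mac": mac, "vlan": vlan, "hostname": None, "sources": set(),
            "vendor": OUI_VENDORS.get(mac[:8], "unknown"),
            "level": VLAN_PURDUE.get(vlan),  # None means "not placed, review"
            "manual": False,
        })
        rec["sources"].add(source)
        if hostname:
            rec["hostname"] = hostname
    # Manual reassignment: an operator corrects the automatic placement.
    for mac, level in (overrides or {}).items():
        rec = assets.get(mac.lower())
        if rec is not None:
            rec["level"], rec["manual"] = level, True
    return assets

def purdue_view(assets):
    """Group MACs by Purdue level; the None key holds assets nobody has placed."""
    view = defaultdict(list)
    for rec in assets.values():
        view[rec["level"]].append(rec["mac"])
    return {level: sorted(macs) for level, macs in view.items()}

if __name__ == "__main__":
    inventory = build_inventory(OBSERVATIONS, overrides={"02:00:5E:00:00:09": 1})
    for level, macs in purdue_view(inventory).items():
        print(level, macs)
```

Assets left under the `None` key are the ones to review first: they were seen on the wire but sit on a network the mapping does not cover.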

Chapters

0:00 - OT Visibility Challenges
0:55 - Lab Topology Overview
1:37 - Configuring Device Detection
2:14 - Initial Device Discovery
3:25 - Adding Application Control
4:10 - Vulnerability Identification
5:00 - Purdue Model Asset View

Key Quotes

0:17 "Gaining visibility into the devices in your environment is something that we can tackle with a FortiGate firewall."
1:06 "The switch is integrated and managed by the FortiGate using the FortiLink interface, letting the switch act as an extension of the firewall."
4:26 "Using application control, we now know about potential vulnerabilities. We can see that this hardware and software combination has a known command injection and a buffer error vulnerabilities."
5:24 "While there are many vendors that specialize in device discovery, FortiGates are unique in that they combine discovery with the leading industrial security appliance in the FortiGate firewall."
