Device enrollment is fully automated. Normally, no action is required as devices are listed automatically by its broadcast name, such as “ Johnny’s iPhone “.
Data is gathered from:
- NETBIOS
- DHCP
- Service Discovery
- ARP
When the above data sources don’t provide a name, the fallback is the first IP address encountered from a given MAC address.
Having the MAC address visible provides you with the best ability to control your Policies, which will follow the MAC address. In other words, if a device changes IP address, the Policy will still apply. If the MAC address listed on the dashboard does not match, that means that layer 2 visibility is not available. This can happen in the following circumstances:
- A router is between your filtering service and the device
- A bridge is between your filtering service and the device
Furthermore, the following are conditions where the broadcast name (NETBIOS) name may be unavailable to the filtering service:
- Device has a firewall turned on
- Device has NETBIOS bindings disabled
- Filtering is run on a stand-alone mode (vs gateway mode)
Enrollment happens automatically upon the first received DNS query. Devices remain in the list until they are deleted/forgotten.