Device enrollment is fully automated. Normally, no action is required as devices are listed automatically by its broadcast name, such as “ Johnny’s iPhone “.
Data is gathered from:
- NETBIOS
- DHCP
- Service Discovery
- ARP
When the above data sources don’t provide a name, the fallback is the MAC address.
Having the MAC address visible provides you with the best ability to control your Policies, which will follow the MAC address. In other words, if a device changes IP address, the Policy will still apply. If the MAC address listed on the dashboard does not match, that means that layer 2 visibility is not available. This can happen in the following circumstances:
- A router is between your filtering service and the device
- A bridge is between your filtering service and the device
Furthermore, the following are conditions where the broadcast name (NETBIOS) name may be unavailable to the filtering service:
- Device has a firewall turned on
- Device has NETBIOS bindings disabled
- Filtering is run on a stand-alone mode (vs gateway mode)
Enrollment happens automatically upon the first received DNS query. Devices remain in the list until they are deleted/forgotten.