Overview of Devices and Device Groups

This section describes basic concepts of devices and device groups.

Devices are identified using device types, such as Huawei-Android, Lenovo-Android, and HP-JetDirect-Printer. In certain scenarios, user permissions need to be controlled based on device types. For example, one user should be assigned different network access permissions for the personal and company-allocated devices; fixed and mobile devices should be assigned different permissions. In these cases, you can reference devices in security policies to control user permissions.

By default, the FW has no devices. The Agile Controller SSO function is required to implement the permission control over devices:

1. The Agile Controller server is enabled to identify device types. The FW is configured to import device types from the Agile Controller server.
2. A device-based security policy is configured on the FW.
3. The device type information carried in the login message sent to the FW for the Agile Controller SSO user matches the security policy.

A device group is a set of devices. Configuring a device group facilitates management and control over a type of devices. By default, the FW has three predefined device groups, namely, pc, mobile-terminal, and undefined-group. After importing devices from the Agile Controller server, the FW will automatically assign them to specific predefined device groups.

You cannot delete or rename these predefined groups but can modify their members. You can also define device groups and add imported devices to these groups.