Ricky_Martin
New Member
January 19, 2021
Question

Allowing specific source mac address for VPN


Hi Experts,

Kindly advise on configuring a FortiGate 100E to allow devices with specific source MAC addresses for VPN access. Please suggest.

Thanks

1 reply

Toshi_Esumi
SuperUser
January 19, 2021

I haven't done this, but I would try the below on the VPN policies if you're running 6.2 or above.

https://docs.fortinet.com/document/fortigate/6.2.0/new-features/485133/mac-address-based-policies

emnoc
New Member
January 19, 2021

A MAC address policy does work, but I advise that with a MAC address changer, anybody can circumvent this.

If you are concerned about security, I would not trust MAC address objects. I could change my address to match your allowed range, or place a simple device between me and the "lan" to SNAT and manually set the src.ether-mac to match your allowed rules.

How we would find possible src mac.addr is to do a passive sniff on the interface and record the vendor MAC addresses that are used.

Ken Felix

Ricky_Martin
New Member
January 20, 2021

Thanks emnoc

As far as I know, our users are not mature enough to manipulate the MAC, but it adds one additional layer of security. Kindly advise whether domain users can be allowed to use their own credentials for accessing the VPN?