Skip to main content
joko
joko
New Member
May 15, 2018
Question

filter Port Forwarding By Mac Address

  • May 15, 2018
  • 2 replies
  • 8404 views

hi all,

 

I create port forwarding for my server to be accessed from outside for few users is it possible to filter users based on mac addresses so  only registered MAC Address users can access this server and please show me how ??? 

 

Thanks in advance for help.

    2 replies

    Nicholas_Doropoulos
    Nicholas_Doropoulos
    New Member
    May 15, 2018

    It should be possible if you try the following:

     

    1) Port forwarding is done with a VIP on Fortigate. As such, you would have to create a New Virtual IP under Policy & Objects > Virtual IPs. Your server's IP address would have to go into the "Mapped IP Address/Range" field which would then be mapped to an IP address with the same subnet mask as the source in the "External IP Address/Range" field. Enable Port Forwarding and supply the same port in both fields. Repeat the same process for every server you wish to grant access to.

     

    2) Then navigate to User & Device > Custom Devices & Groups and specify the device's MAC address there along with all other necessary details. Repeat the same process for every other device you want to allow traffic from.

     

    3) Next, create a new Device Group under User & Device > Custom Devices & Groups and select all previously configured devices as "members".

     

    4) Finally, create a new policy under Policy & Objects > IPv4 Policy. Select the Device Group as the source and the VIP as the destination. 

     

    I hope the above helps.

    joko
    jokoAuthor
    New Member
    May 16, 2018

    Hi nick,

     

    Have you configured your laptop under Custom Devices & Groups? If yes, is that object included somewhere else (i.e. another policy etc.)?

    ==> Yes i configure my laptop under custom devices and groups, NO im not use this on other policy 

     

    Have you configured any other Custom Devices & Groups? If yes, put one of them as the source just to see if the problem would occur with them too.

    ==> I'll try this today and update To you

     

    Thanks,

     

    joko
    jokoAuthor
    New Member
    May 16, 2018

    Hi Nick,

     

    Thanks for advance, I've done the steps you mentioned but it still does not work hare I attach my Policy use " Source from my laptop" , but when I change the source To all It can be work....is there something I might have missed

    Note : 

    i Use Fortigate 201 E 

    v5.6.4 build1575 (GA) 

     

     

     

    Nicholas_Doropoulos
    Nicholas_Doropoulos
    New Member
    May 16, 2018

    Hi Joko,

     

    Could you confirm the following please:

     

    - Have you configured your laptop under Custom Devices & Groups? If yes, is that object included somewhere else (i.e. another policy etc.)?

     

    - Have you configured any other Custom Devices & Groups? If yes, put one of them as the source just to see if the problem would occur with them too.

     

    Many thanks.

    Terms & ConditionsAccessibility statement