James_G
New Member
April 16, 2019
Question

FortiOS 6.2.0 - custom device / group workaround


Anyone having issues with the removal of custom device / groups in FortiOS 6.2.0, review the following link to see if using MAC address objects is a workaround.

 

https://docs.fortinet.com/document/fortigate/6.2.0/new-features/485133/mac-addressed-based-policies

 

You can achieve the same result as the custom device / groups, albeit having to set up everything again.

    1 reply

    SMabille
    New Member
    April 16, 2019

    Hi James,

     

    While in theory it's a good idea, in reality it's impossible. Even without MAC randomisation, Apple MACs are impossible to group. I had a quick look before replying and besides a batch of iPhone X bought all together none of them have the same first 3 MAC bytes, and there are plenty of other devices in between to make any group (and that's before trying to recognise iPhone from iPad), and it would require lots of maintenance and create issues each time Apple (or other vendors) start using a new group.

    Active OS/devices recognition as per 6.0.x (and previous) is a key functionality/differentiator for several customers as it really simplifies SSL interception (bypass/exception).

     

     

    James_G wrote:

    Anyone having issues with the removal of custom device / groups in FortiOS 6.2.0, review the following link to see if using MAC address objects is a workaround.

     

    https://docs.fortinet.com/document/fortigate/6.2.0/new-features/485133/mac-addressed-based-policies

     

    You can achieve the same result as the custom device / groups, albeit having to set up everything again.
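
The trade-off discussed in this thread can be measured against your own device inventory before rebuilding groups as MAC ranges. The following is an added example, not part of either post and not Fortinet code: it groups a constructed inventory by the first three MAC bytes, lists the start/end range each device type would need, and reports prefixes shared between types and randomised (locally administered) addresses that no vendor-prefix range can match. The labels and MAC values are made up and are not real vendor assignments.

```python
from collections import defaultdict

# Constructed sample inventory: (device type, MAC). Not real vendor prefixes.
INVENTORY = [
    ("phone", "10:aa:01:00:00:01"),
    ("phone", "10:aa:02:00:00:02"),
    ("phone", "10-AA-01-00-00-09"),
    ("tablet", "10:aa:02:00:00:03"),
    ("tablet", "10:aa:03:00:00:04"),
    ("phone", "da:a1:19:00:00:05"),  # locally administered, as randomised MACs are
]

def parse_mac(mac):
    """Return the MAC as 6 bytes; accepts ':' or '-' separators."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def fmt(raw):
    return ":".join(f"{b:02x}" for b in raw)

def is_locally_administered(raw):
    """Bit 0x02 of the first octet set means the address is not vendor-assigned."""
    return bool(raw[0] & 0x02)

def plan_mac_ranges(inventory):
    """Return (ranges, shared, unmatched).
    ranges: {type: [(start_mac, end_mac), ...]}, one range per prefix seen
    shared: prefixes seen under more than one type (a range matches both)
    unmatched: entries whose MAC carries no vendor prefix at all"""
    by_type, by_prefix, unmatched = defaultdict(set), defaultdict(set), []
    for label, mac in inventory:
        raw = parse_mac(mac)
        if is_locally_administered(raw):
            unmatched.append((label, fmt(raw)))
            continue
        by_type[label].add(raw[:3])
        by_prefix[raw[:3]].add(label)
    ranges = {
        label: [(fmt(p + b"\x00" * 3), fmt(p + b"\xff" * 3)) for p in sorted(prefixes)]
        for label, prefixes in by_type.items()
    }
    shared = sorted(fmt(p) for p, labels in by_prefix.items() if len(labels) > 1)
    return ranges, shared, unmatched

if __name__ == "__main__":
    ranges, shared, unmatched = plan_mac_ranges(INVENTORY)
    for label, spans in ranges.items():
        print(label, len(spans), "ranges:", spans)
    print("prefixes shared between types:", shared)
    print("not matchable by prefix:", unmatched)
```

A large number of ranges per type, or any entries in the shared and unmatched lists, indicates how much manual upkeep the MAC-object approach would need on that network.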