New_Member
New Member
February 14, 2016
Question

How to block internet access by MAC address!


Hi all,

I am using a FortiGate 300C v5.0.

I want to block internet access for some PCs by MAC address. When I created a device identity policy with Authentication Rules action=Deny, all PCs couldn't access the internet.

Kindly help to fix this issue!

Many thanks

 

    1 reply

    MrN3ff
    New Member
    February 15, 2016

    With v5.2 we've done this a few ways... Only one is leveraging MAC addresses though...

     

    Option 1 - (if machine is permanently blocked from internet)

      > Open DHCP monitor > right-click DHCP lease > create/edit IP Reservation > set action "Block"

     

    Option 2 - (if you want all users to authenticate - I use this option since we have many users using the same computer, so I can't block a certain machine's MAC. Put policies above this policy for internal traffic, i.e. intranet sites, services, etc.)

      > Create policy: Internal > Src=DHCP scope/all computers > User Group or User > Internet > All > ALWAYS > All

     

    I believe on v5.0 you can find the same settings stated in Option 1 under "System > Network > Interfaces"; look for your internal network handing out DHCP leases (if done locally with the FortiGate). Click the "Advanced.." hyperlink and add MAC addresses with the appropriate action. Hope some of this helps.

    Bromont_FTNT
    Staff
    February 16, 2016

    Enable "Device Management --> Detect and Identify Devices" on your LAN interface

     

    Under User&Device --> Device --> Device definitions create a group of blocked MAC IDs

     

    In your firewall policy block the device group you need blocked (scales) but allow ALL

     

     

     

    New_Member
    New Member
    February 18, 2016

    Thanks for your help!

    I already configured the FortiGate following your advice, but it still denies all users access to the internet.