Toshi_Esumi
SuperUser
March 1, 2024
Solved

num of MAC address limit in SSL VPN filtering


When we configure this SSL VPN MAC address filtering, what system limit would dictate the max number of MAC addresses we can configure on an FGT (no vdom/multi-vdom)?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VPN-connections/ta-p/194337

The max value table doesn't seem to have the exact matching object.
https://docs.fortinet.com/max-value-table

Toshi

Best answer by hbac

Hi @Toshi_Esumi,

Yes, https://docs.fortinet.com/max-value-table doesn't show that information. However, you can run the 'print tablesize' command and look for the following lines:

vpn.ssl.web.portal:mac-addr-check-rule: 0 0 0
vpn.ssl.web.portal:mac-addr-check-rule:mac-addr-list: 0 0 0

For more information, please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiGate-maximum-values-table/ta-p/192474

Regards,


Toshi_Esumi
SuperUser
March 1, 2024

Not sure why 'grep' doesn't work for this command, but I got the same all '0's on our multi-vdom 1500D as well. I guess '0' means no hard limit.

The explanation in the KB for the first number says the following, but it is not clear to me:
"1) The first number refers to the maximum number allowed for the child table in its parent entry."
Could you elaborate a little more?

Toshi
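Since 'grep' was reported not to work with 'print tablesize', one practical alternative is to paste the raw output into a file and filter it offline. The script below is an added example, not code from the thread or from Fortinet; the sample output is constructed from the two lines quoted above plus made-up neighbour lines, and only the first column is given a meaning (the one the KB documents).

```python
"""Parse FortiGate 'print tablesize' output and filter it by table-path prefix.
Added example, not from the thread or Fortinet: 'grep' was reported not to work
with this command, so the raw output is pasted into a file and filtered here.
"""
import re
from typing import Dict, Optional, Tuple

Sizes = Dict[str, Tuple[int, int, int]]

# Constructed sample: the two lines quoted in the thread plus two made-up
# neighbours, so the prefix filter visibly discards unrelated tables.
SAMPLE_OUTPUT = """\
vpn.ssl.web.portal: 0 0 0
vpn.ssl.web.portal:mac-addr-check-rule: 0 0 0
vpn.ssl.web.portal:mac-addr-check-rule:mac-addr-list: 0 0 0
some.other.table: 0 0 0
"""

# A table path (which may itself contain ':'), then three integers.
LINE_RE = re.compile(r"^(?P<path>\S+):\s+(?P<a>\d+)\s+(?P<b>\d+)\s+(?P<c>\d+)\s*$")


def parse_tablesize(text: str) -> Sizes:
    """Return {table_path: (n1, n2, n3)}; banners, blanks and other lines are skipped."""
    tables: Sizes = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            tables[m["path"]] = (int(m["a"]), int(m["b"]), int(m["c"]))
    return tables


def filter_prefix(tables: Sizes, prefix: str) -> Sizes:
    """Keep only tables whose path starts with prefix (the 'grep' substitute)."""
    return {k: v for k, v in tables.items() if k.startswith(prefix)}


def max_child_entries(tables: Sizes, path: str) -> Optional[int]:
    """First column for path, or None when the table is not listed.
    Per the KB cited in the thread, this is the maximum number of entries the
    child table may hold inside one parent entry. The other two columns are not
    interpreted here, and a 0 is returned unchanged rather than read as 'no limit'.
    """
    entry = tables.get(path)
    return entry[0] if entry else None


if __name__ == "__main__":
    for path, nums in filter_prefix(parse_tablesize(SAMPLE_OUTPUT), "vpn.ssl.web.portal:mac-addr-check-rule").items():
        print(path, nums)
```

To use it on a real unit, save the full 'print tablesize' output to a file and pass its contents to parse_tablesize instead of SAMPLE_OUTPUT.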


Toshi_Esumi
SuperUser
March 4, 2024

Does anyone have the answer about the meaning of the first number, especially the meaning of the "child table" and the "parent table"?

Toshi

sawyer8
New Member
March 1, 2024

This is good to know, thank you. We are restricting our enterprise apps to be accessible only if you are on our internal network with an SSO provider. It is working. We have restricted the login from our SSO to only let the user log in if they are inside our network. When we do "what is my IP", the entire company gets the same public IP.