Contributor
March 7, 2006
Question

static IP/MAC bindings

My unit is a FortiGate 60 MR7. In the FortiGate Maximum Values Matrix Technical Bulletin, there are 256 Static IP/MAC bindings in Firewall->IP/MAC Binding->. What is it? In my firewall policy, I can't see any static IP/MAC binding.

    3 replies

    Contributor
    March 7, 2006
    It's not in the Firewall section as it doesn't really relate to firewall policies. It's for assigning static IPs to DHCP clients under "System", "DHCP".
    Contributor
    March 8, 2006
    Actually Brad, it lists it in two places in the document that kcpc refers to. I had trouble finding the FortiGate Maximum Values Matrix Technical Bulletin v2.80 MR9 on the Fortinet site so I googled it (and viewed it as HTML to speed up my viewing.) In the FortiGate Maximum Values Matrix Technical Bulletin v2.80 MR9 under the System section and under the DHCP subsection, the table has a row that is labeled DHCP IP/MAC Bindings. The column for the Fortigate 60 line shows a value of 20. Then, if you scroll down to the Firewall section in the IP/MAC Binding subsection there is another table row labeled Static IP/MAC bindings. Here the column for the Fortigate 60 line shows a value of 256. kcpc, I'm not sure what the values under the Firewall section refer to. I do know that the section under the System section and under the DHCP subsection refers to a method of assigning an IP address to the same network interface each time the node asks for an IP lease. The DHCP server will actually reserve an IP address and only give it to the device that says it has whatever MAC address is configured (by you) for that IP. This can be handy if you'd rather not assign static IPs at the client level. If you already know all this - sorry :) I'm curious as to what the Static IP/MAC bindings row of the Firewall section refers to also. I wish the Fortigate 60 (as a DHCP server) could bind 256 IPs because my Fortigate 60 can only do 20 and I need about 50 more. I got pricing on the device that could bind 100 IPs - it far exceeded our budget so now I need to run DHCP on our W2k3 server or on our Asterisk phone server (Linux). Only a mild irritation I guess.
    abelio
    SuperUser
    March 8, 2006
    ORIGINAL: Thom I'm curious as to what the Static IP/MAC bindings row of the Firewall section refers to also.
    ipmacbinding within the Firewall section refers to the possibility of allowing/denying traffic not defined in your IP/MAC binding table; you'll need the CLI to play with this. As you've pointed out, you have 256 of these IP/MAC bindings within the FTG-60. DHCP IP/MAC binding is another feature.
    I wish the Fortigate 60 (as a DHCP server) could bind 256 IPs because my Fortigate 60 can only do 20 and I need about 50 more. I got pricing on the device that could bind 100 IPs - it far exceeded our budget so now I need to run DHCP on our W2k3 server or on our Asterisk phone server (Linux).
    Besides what the product matrix says, the CLI guide says you can create up to 50 IP/MAC binding pairs. Did you try going beyond 20 with the CLI?
    Contributor
    March 8, 2006
    I haven't tried in the CLI. I did try to import via a config file. I also had a Fortinet tech confirm the limitation. I might try the CLI.
    Contributor
    March 14, 2006
    My mistake! I didn't even realize that there's a separate IP/MAC binding section for firewall policies available via the CLI. (Further to abelio's explanation, you'd use the IP/MAC binding table for firewall policies if you wanted to ensure that specific IP addresses couldn't be spoofed to bypass the firewall rules.) Unfortunately, it sounds like the FGT-60 model doesn't allow for more than 20 DHCP IP/MAC bindings.
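
Added example, not part of the thread and not Fortinet's own text: a sketch of the firewall IP/MAC binding feature discussed above, as it is configured from the FortiOS CLI. The command syntax follows later FortiOS CLI references and is an assumption for v2.80 MR7; the addresses, MAC values and entry names are constructed, and the `#` lines are annotations for the reader, not input.

```fortios
# 1. Global behaviour of the binding check.
config firewall ipmacbinding setting
    # Check packets that would pass through the FortiGate to another network.
    set bindthroughfw enable
    # Check packets addressed to the FortiGate itself (e.g. management access).
    set bindtofw enable
    # Hosts with no entry in the table are blocked rather than allowed.
    set undefinedhost block
end

# 2. The static IP/MAC pairs. This is the table the maximum values matrix
#    lists as 256 entries for the FortiGate 60 (separate from the DHCP
#    IP/MAC reservations, which the thread reports as limited to 20).
config firewall ipmacbinding table
    edit 1
        # Constructed entry: a phone server on the internal LAN.
        set name "pbx"
        set ip 192.168.1.10
        set mac 00:11:22:33:44:55
        set status enable
    next
    edit 2
        # Constructed entry: an administrator workstation.
        set name "admin-ws"
        set ip 192.168.1.20
        set mac 00:11:22:33:44:66
        set status enable
    next
end

# 3. Enable the check on the interface that faces those hosts.
#    "internal" is assumed to be the LAN interface name on this unit.
config system interface
    edit "internal"
        set ipmac enable
    next
end
```

With `undefinedhost block`, a packet whose source IP is listed but arrives from a different MAC is dropped, and so is any host missing from the table, so the table should be fully populated (including the workstation used for management) before the interface check is enabled. A MAC address can itself be changed by a host on the same segment, so the binding raises the bar against IP spoofing rather than authenticating the device.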