Created on 11-24-2021 02:25 PM Edited on 11-24-2021 02:31 PM By Anonymous
Description | This article discusses how to configure IP to MAC binding settings on a FortiGate device. |
Scope | FortiOS v6.0 and later. |
Solution |
IP/MAC binding protects the FortiGate unit and/or the network from IP address spoofing attacks. IP spoofing attacks attempt to use the IP address of a trusted computer to connect to, or through, the FortiGate unit from a different computer. It is simple to change a computer's IP address to mimic that of a trusted host, but MAC addresses are often added to Ethernet cards at the factory and are more difficult to change. By requiring that traffic from trusted hosts reflect both the IP address and MAC address known for that host, fraudulent connections are more difficult to construct.

1). Configure the IP/MAC binding table. Configuration:

    config firewall ipmacbinding table
        edit {seq-num}              ---> Sequence number for IP to MAC address pairs in the IP/MAC binding table.
            set ip {ipv4 address}   ---> IPv4 address portion of the pair (format: xxx.xxx.xxx.xxx), i.e. the source user system's IP address.
        next
    end

Example:

    # config firewall ipmacbinding table
        edit 1
            set ip 172.31.139.62
        next
    end

2). Configure the IP/MAC binding settings. Configuration:

    config firewall ipmacbinding setting
        set bindthroughfw [enable|disable]   ---> Enable/disable use of IP/MAC binding to filter packets that would normally go through the firewall.
    end

Example:

    config firewall ipmacbinding setting
        set bindthroughfw enable
    end

3). Enable ipmac on the incoming interface, i.e. the LAN/DMZ (trusted) interface:

    config system interface
        edit "port2"
            set vdom "root"
            set ipmac enable
        next
    end

Verification:

    FGT1 # diagnose firewall ipmac list
    FGT1 # diagnose firewall ipmac status
|
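
The three steps above can also be checked offline against a saved configuration. The Python below is an added example, not part of the original article and not Fortinet code: `parse`, `audit` and `SAMPLE` are hypothetical names, the sample configuration (including its MAC address and second table entry) is constructed, and `set mac` is the FortiOS option that carries the MAC half of each pair. Any option that does not appear in the text is treated as not enabled.

```python
import re
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")
# Constructed sample config; the MAC address and entry 2 are made up for the demo.
SAMPLE = """config firewall ipmacbinding setting
    set bindthroughfw enable
end
config firewall ipmacbinding table
    edit 1
        set ip 172.31.139.62
        set mac 00:11:22:33:44:55
    next
    edit 2
        set ip 172.31.139.63
    next
end
config system interface
    edit "port2"
        set vdom "root"
    next
end"""

def parse(text):  # section -> entry -> {option: value}; entry '' = options outside 'edit'
    cfg, section, entry, depth = {}, None, "", 0
    for w in filter(None, map(str.split, text.splitlines())):
        if w[0] == "config":
            depth += 1
            if depth == 1:  # nested config blocks are counted but not recorded
                section, entry = " ".join(w[1:]), ""
                cfg.setdefault(section, {})
        elif w[0] == "end":
            depth -= 1
        elif depth == 1 and w[0] == "edit" and len(w) > 1:
            entry = w[1].strip('"')
            cfg[section].setdefault(entry, {})
        elif depth == 1 and w[0] == "set" and len(w) > 2:
            cfg[section].setdefault(entry, {})[w[1]] = " ".join(w[2:]).strip('"')
    return cfg

def audit(text, trusted_ifaces):  # findings for the three steps; [] means all are in place
    cfg, findings = parse(text), []
    for seq, e in cfg.get("firewall ipmacbinding table", {}).items():
        if "ip" not in e or not MAC_RE.match(e.get("mac", "")):
            findings.append(f"table entry {seq}: needs both ip and a valid mac")
    if cfg.get("firewall ipmacbinding setting", {}).get("", {}).get("bindthroughfw") != "enable":
        findings.append("bindthroughfw is not enabled")
    for name in trusted_ifaces:
        if cfg.get("system interface", {}).get(name, {}).get("ipmac") != "enable":
            findings.append(f"interface {name}: ipmac is not enabled")
    return findings
```

Calling `audit(SAMPLE, ["port2"])` reports the table entry without a MAC address and the interface where ipmac was never enabled.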