FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vanitha
Staff
Staff
Description
This article explains how to block computers based on MAC address when device identification is used.

Solution
i.) Create user device:

config user device
edit Test
set mac 01:12:13:14:15:16 <---the mac_address you need to block
next
end

Above can be configured from GUI , User & device -> Device -> Device definition -> Create new then create the entry for the mac address .

vanitha_FD35068_tn_van1.jpg

The following steps need to configured from CLI and cannot be configured from GUI

ii.) Create device-access-list and select the above device in it

config user device-access-list
edit Black-list
config device-list
edit 1
set device "Test"
set action deny
next
end
next
end

iii.) Enable the device-access-list under the respective interface:

config system interface
edit
set device-identification enable
set device-access-list Black-list
next
end


Contributors