Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sprashant
Staff
Staff

Created on ‎12-27-2024 06:12 AM Edited on ‎12-27-2024 06:14 AM By Community Manager

Article Id 366767

Technical Tip: Adding Bulk MAC addresses on FortiGate

Description This article describes how to add bulk MAC address objects via a script.
Scope FortiGate.
Solution

A list of MAC addresses is quintessential. For this article, the following MAC addresses will be used:

  • 00:1A:2B:3C:4D:5E
  • 1A:2B:3C:4D:5E:6F
  • 3C:4D:5E:6F:7A:8B
  • 7A:8B:9C:1D:2E:3F
  • 9C:1D:2E:3F:4A:5B
  • 5E:6F:7A:8B:9C:1D
  • A1:B2:C3:D4:E5:F6
  • D4:E5:F6:A1:B2:C3
  • 56:34:12:98:67:EF
  • 34:56:78:90:AB:CD

 

Make sure there are no duplicate entries. Use Microsoft Excel to remove them: Technical Tip: Creation and addition of bulk IP address objects)

 

Use any text editor such as Notepad++ that is capable of doing text searches using regular expressions. Paste all the MAC addresses in the text editor. andbring the replace window (Ctrl+H)

Under 'Find what' use regex without quotes: 

  • ((([a-zA-z0-9]{2}[-:]){5}([a-zA-z0-9]{2}))|(([a-zA-z0-9]{2}:){5}([a-zA-z0-9]{2})))

 

For 'Replace with': edit MACaddr-$1\n set type mac\n set mac $1\nnext\n

 

Either select 'Replace' or 'Replace All' (Ctrl+a) to change all the MAC addresses:

 

edit MACaddr-00:1A:2B:3C:4D:5E
    set type mac
    set mac 00:1A:2B:3C:4D:5E
next

 

edit MACaddr-1A:2B:3C:4D:5E:6F
    set type mac
    set mac 1A:2B:3C:4D:5E:6F
next

 

edit MACaddr-3C:4D:5E:6F:7A:8B
    set type mac
    set mac 3C:4D:5E:6F:7A:8B
next

 

edit MACaddr-7A:8B:9C:1D:2E:3F
    set type mac
    set mac 7A:8B:9C:1D:2E:3F
next

 

edit MACaddr-9C:1D:2E:3F:4A:5B
    set type mac
    set mac 9C:1D:2E:3F:4A:5B
next

 

edit MACaddr-5E:6F:7A:8B:9C:1D
    set type mac
    set mac 5E:6F:7A:8B:9C:1D
next

 

edit MACaddr-A1:B2:C3:D4:E5:F6
    set type mac
    set mac A1:B2:C3:D4:E5:F6
next

 

edit MACaddr-D4:E5:F6:A1:B2:C3
    set type mac
    set mac D4:E5:F6:A1:B2:C3
next

 

edit MACaddr-56:34:12:98:67:EF
    set type mac
    set mac 56:34:12:98:67:EF
next

 

edit MACaddr-34:56:78:90:AB:CD
    set type mac
    set mac 34:56:78:90:AB:CD
next

 

Note:

  • Do add at the top: 'config firewall address'.
  •  At the bottom: 'end'.
  • If the device has multi-VDOM enabled then defining the VDOM is mandatory:

 

config vdom

    edit <vdom_name>

        config firewall address

 

Adding these MACs to the FortiGate can be done in two ways:

  1. Copy the entire text to the CLI console on the FortiGate.
  2. Upload via CLI script: Configuration Scripts
398
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.