Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Rajan_kohli
Staff
Staff

Created on ‎07-31-2023 10:46 PM Edited on ‎12-19-2024 10:25 PM By Community Manager

Article Id 266795

Technical Tip: Blocking a MAC address in FortiGate using a Firewall Policy

 

Description

This article describes how to block a MAC address in FortiGate using a Firewall Policy.
Scope

FortiGate 6.x.x and 7.x.x.
Solution

The Firewall Policy to block a MAC address can be either configured from a specific source and destination interface, or for all interfaces.
First, make an address object with the MAC address of the device which needs to be blocked.

 

address.PNG

 

If that MAC should be blocked from accessing all interfaces:

Enable the Multiple Interface Policies feature in feature visibility (configuring a policy in this way will stop Interface Pair view from working):

 

Picture1.png

 

 Make a Deny Firewall Policy with the source address as the address object which we created in step 1, and move the policy to the top of the list:

 

policy.PNG

 

If that MAC should be blocked from accessing specific interfaces (or if Interface Pair View mode should be preserved):
Make the firewall policy with the specific interfaces instead: 

 

mac block.PNG

 

Traffic is now blocked:

 

blocked.PNG

 

Note:

This works only if the MAC address is not getting changed in the path toward FortiGate or if the device is trying to access a service hosted by FortiGate (Web GUI, SSLVPN, etc.)

 

Related articles:
Technical Tip: How to control DHCP user via MAC address
Technical Note : Configuring MAC address filtering on a FortiGate - IP/MAC binding
19368
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.