Description
This article explains how to create a MAC address based IPv4 policy.
Solution
From version 6.2, there is a new address type, “Device(MAC address)”, which can be used in the following policies:
- IPv4 Firewall Policy.
- IPv4 Virtual Wire Pair Policy.
- IPv4 ACL Policy.
- IPv4 Central SNAT Policy.
- IPv4 DoS Policy.
To configure a MAC address based IPv4 policy using the GUI:
1) Go to Policy & Objects -> Addresses to create or edit an address.
Category: Select Address
Type: Select MAC Address
MAC address Scope: Select Single Address or Range
Enter the MAC address and click 'OK'
2) Go to Policy & Objects -> IPv4 Policy to apply the address type to a policy in NAT mode VDOM.
Create a new policy
Source: Select this MAC address object
Enter the other fields and click 'OK'
To configure a MAC address based IPv4 policy using the CLI:
1) Create a new MAC address object
#config firewall address
edit <name>
set type mac
set start-mac <mac_address_start#>
set end-mac <mac_address_end#>
next
end
2) Apply the address type to a policy
Example:
#config firewall policy
edit 1
set name "mac-addr-policy"
set srcintf "port2"
set dstintf "port1"
set srcaddr "Test-MAC-addr"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set fsso disable
set nat enable
next
end
Important Note:
For policies in a NAT mode VDOM, this new MAC address type is supported only as a source address.
For policies in Transparent mode or on a Virtual Wire Pair interface, this address type can be used as source or destination.
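As an added example (not from the original article or from Fortinet), the Python below reads address objects in the CLI syntax shown above and reports which MAC address objects cover a given MAC, which is useful when auditing what a MAC-based policy will match. The sample configuration, its MAC values and the function names are constructed for illustration; treating a missing end-mac as a single address is an assumption.

```python
import re

# Constructed sample in the CLI syntax shown above; the MAC values are made up.
SAMPLE_CONFIG = """\
config firewall address
    edit "Test-MAC-addr"
        set type mac
        set start-mac 00:11:22:33:44:10
        set end-mac 00:11:22:33:44:1f
    next
    edit "lan-subnet"
        set subnet 192.168.1.0 255.255.255.0
    next
end
"""
MAC_RE = re.compile(r"^[0-9a-f]{2}([:-][0-9a-f]{2}){5}$", re.I)


def mac_to_int(mac):
    """Validate a colon/hyphen separated MAC and return it as an integer."""
    if not MAC_RE.match(mac.strip()):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int(re.sub(r"[:-]", "", mac.strip()), 16)


def parse_mac_objects(config_text):
    """Map name -> (start, end) for type-mac objects; no end-mac = single (assumed)."""
    objects, name, fields = {}, None, {}
    for line in config_text.splitlines():
        words = line.split() or [""]
        if words[0] == "edit":
            name, fields = line.split(None, 1)[1].strip().strip('"'), {}
        elif words[0] == "set" and len(words) >= 3:
            fields[words[1]] = words[2]
        elif words[0] == "next" and name is not None:
            if fields.get("type") == "mac":
                start = mac_to_int(fields["start-mac"])
                end = mac_to_int(fields.get("end-mac", fields["start-mac"]))
                if start > end:
                    raise ValueError(f"{name}: start-mac is above end-mac")
                objects[name] = (start, end)
            name = None
    return objects


def matching_objects(mac, objects):
    """Names of MAC address objects whose range contains the given MAC."""
    return sorted(n for n, (lo, hi) in objects.items() if lo <= mac_to_int(mac) <= hi)
```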