Technical Tip: How to exempt MAC/IP address from c...

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 208485

Description

This article describes how to add the MAC/IP addresses to the exempt list of the captive portal or prevent the MAC/IP from email collection.

Scope

FortiGate v6.0+.

Solution

It is always possible to exempt some or the other user/IP to be exempted from the captive portal page.

Follow the steps below for the same:

Go to Network.
Select the Interfaces tab.
Scroll down to the option 'Security mode'.
Set security mode as a captive portal.
Furthermore, under the exempt sources tab, choose the addresses tab and select the MAC/IP address created.

If not already created, it is possible to create it like this, as in the image below:

For email collection exemptions, two firewall policies are required:

Firewall policy with the source address as the IP/MAC to be exempted, and email collection set to disabled:

Snippet of the commands required:

config firewall policy

edit <ID>

set email-collect disable
end

Firewall policy with the source address negate option enabled and email collection enabled:

Snippet of the commands required:

config firewall policy

edit <ID>
set srcaddr-negate enable

set email-collect enable
end

3151

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Technical Tip: How to exempt MAC/IP address from captive portal/email collection

You are leaving our website