hrahuman_FTNT
Article Id 195523
Description
This article describes how to create the MAC address filter from device identification in 6.2.

Solution
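In a network, MAC address filtering is more secure and more reliable than IP address filtering because the MAC address does not change. A MAC address is still a value the host itself presents, so treat a MAC-based rule as device identification rather than authentication.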

In FortiOS 6.2, a MAC address object can be created directly from device identification.
The steps to create the MAC address object are below.

1) Go to System -> Interface -> Edit Interface.
Enable 'Device Detection' and 'Active Scanning'.



2) Go to User & Device -> Device Inventory.
Choose any existing device with a MAC address, right-click it, select 'Create New Firewall Address' and choose MAC Address.




3) Once the MAC address object is created, use it in a firewall policy.



Related CLI commands:
# config system interface
    edit "mgmt1"
        set vdom "root"
        set ip 10.5.51.51 255.255.240.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set device-identification enable
        set role lan
        set snmp-index 1
    next
end

# config firewall address
    edit "test"
        set uuid b6b083a4-ddcf-51e9-df0e-e742df70849d
        set type mac
        set start-mac 00:50:50:xx:xx:xx
        set end-mac 00:50:50:xx:xx:xx
    next
end
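
When many devices need MAC address objects, the CLI block above can be generated from an inventory list. The following Python script is an added example, not part of the original article or any Fortinet tooling: it validates each MAC (six octets, not a group address) and emits the same 'config firewall address' stanza shown above. The function names, the object-name rule and the sample inventory are assumptions made for illustration.

```python
import re

# Six hex octets separated by ':' or '-', e.g. 00:50:56:ab:cd:ef
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-][0-9A-Fa-f]{2}){5}$")
# Conservative object-name rule (assumption): no quotes, spaces or newlines,
# so a name taken from an inventory export cannot break out of the edit "..." line.
_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,63}$")


def normalize_mac(raw):
    """Return the MAC as lower-case colon-separated octets, or raise ValueError."""
    mac = raw.strip()
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a 6-octet MAC address: {raw!r}")
    octets = re.split(r"[:-]", mac.lower())
    # Bit 0 of the first octet marks group (multicast/broadcast) addresses,
    # which never identify a single device.
    if int(octets[0], 16) & 0x01:
        raise ValueError(f"group address, not a device MAC: {raw!r}")
    return ":".join(octets)


def mac_address_objects(devices):
    """Build CLI text for (name, mac) pairs; return (cli_text, rejected)."""
    lines, rejected = ["config firewall address"], []
    for name, raw in devices:
        try:
            if not _NAME_RE.match(name):
                raise ValueError(f"unsafe object name: {name!r}")
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append((name, str(exc)))
            continue
        # Single-device object: start-mac and end-mac are the same address.
        # uuid is left out on the assumption that the FortiGate assigns it.
        lines += [f'    edit "{name}"', "        set type mac",
                  f"        set start-mac {mac}", f"        set end-mac {mac}",
                  "    next"]
    lines.append("end")
    return "\n".join(lines), rejected


if __name__ == "__main__":
    # Constructed sample inventory; names and addresses are made up.
    sample = [("printer-1", "00-50-56-AB-CD-01"),
              ("bad-entry", "00:50:56:ab:cd:ef:01")]
    cli, bad = mac_address_objects(sample)
    print(cli)
    for name, reason in bad:
        print(f"# skipped {name}: {reason}")
```

Review the rejected list before pasting the output into the CLI, so that a malformed inventory entry is corrected rather than silently left without an address object.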
