hrahuman_FTNT
Article Id 195523

Description

 

This article describes how to create the MAC address filter from device identification in 6.2, 6.4, and 7.2.

Solution

 

In firmware 6.2, 6.4, and 7.2, the MAC address object can be created directly from device identification.
Follow the steps below to create the MAC address object.

  1. Go to System -> Interface -> Edit interface and enable 'Device Detection' and 'Active Scanning'.

  2. Go to User & Device -> Device Inventory.
    Choose any existing device with a MAC address, right-click, select 'Create New Firewall Address', and choose 'MAC Address'.

  3. Once the MAC address object is created, use it in a firewall policy.

Related CLI commands:

config system interface
    edit "mgmt1"
        set vdom "root"
        set ip 10.5.51.51 255.255.240.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set device-identification enable
        set role lan
        set snmp-index 1
    next
end

config firewall address
    edit "test"
        set uuid b6b083a4-ddcf-51e9-df0e-e742df70849d
        set type mac
        set start-mac 00:50:50:xx:xx:xx
        set end-mac 00:50:50:xx:xx:xx
    next
end
 
Note: MAC address filtering works only for MAC addresses that the firewall detects on the interface. If a third-party switch or other device is in use and the address is not detected on the firewall, the filtering firewall policy will not be used.
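
Step 3 in CLI form, as an added example that is not part of the original article: a firewall policy that uses the MAC address object "test" as its source address on the interface where device identification is enabled ("mgmt1"). The destination interface "wan1", the policy name, the allowed services, and the accept action are assumptions chosen for illustration.

```fortios
config firewall policy
    edit 0
        set name "allow-known-mac"
        set comments "Added example: wan1, services and action are assumed values"
        set srcintf "mgmt1"
        set dstintf "wan1"
        set srcaddr "test"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "HTTPS" "DNS"
        set logtraffic all
    next
end
```

With `logtraffic all` set, the forward traffic log shows whether sessions from the device actually match this policy, which is the quickest way to confirm that the firewall is detecting the MAC address on the interface.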