Description
This article describes how to create the MAC address filter from device identification in 6.2, 6.4, and 7.2.
Solution
In firmware 6.2, 6.4, 7.2, create the MAC address object directly from device identification.
Below are the steps to add/create the MAC address object.
- Go to System -> Interface -> Edit interface.
Enable: 'Device Detection' & 'Active Scanning'.
-
Go to User & Device -> Device Inventory.Choose any existing device with MAC, right-click, select 'Create New Firewall Address' and Choose Mac Address.
- Once the MAC address object is created, use it in firewall policy.
Related CLI commands:
config system interface
edit "mgmt1"
set vdom "root"
set ip 10.5.51.51 255.255.240.0
set allowaccess ping https ssh http telnet fgfm
set type physical
set device-identification enable
set role lan
set snmp-index 1
next
end
config firewall address
edit "test"
set uuid b6b083a4-ddcf-51e9-df0e-e742df70849d
set type mac
set start-mac 00:50:50:xx:xx:xx:xx
set end-mac 00:50:50:xx:xx:xx:xx
next
end
Note: the MAC address filtering works only for the mac address which are detected on the interface by the firewall. If using third party switch or devices and the address is not detected on the Firewall, the filtering firewall policy will not be used.
