FortiGate
nradia_FTNT
Staff
Article Id 353952
Description: This article describes the ARP Cache Poisoning message.
Scope: FortiGate 6.x, 7.x.
Solution

While FortiGate can assist with mitigating ARP poisoning attacks, this mitigation is primarily done by FortiSwitch. Protecting the network from this kind of attack is usually done at the switch level by implementing Dynamic ARP Inspection (DAI).


Refer to the documentation.

There are still some ways for the FortiGate to block an ARP poisoning attack: configure a firewall policy (for traffic passing through the FortiGate) and a firewall local-in policy (for traffic destined to the FortiGate itself), and allow only the MAC addresses that have been explicitly chosen.


Even after implementing this, an ARP poisoning attack may still occur. Because the attack is a man-in-the-middle attack that uses an untrusted MAC address, the firewall blocks the spoofed traffic, and the legitimate hosts behind it end up blocked as well. Consequently, the attack is converted from a man-in-the-middle attack into a denial-of-service attack.


See this article for instructions on how to block based on MAC addresses.
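The MAC allow-list described above, written out as an added example in FortiOS 7.x CLI syntax (this is not configuration from this article or the linked one); the MAC address 00:11:22:33:44:55, the object name allowed-host-mac and the interfaces port1/port2 are placeholders to replace with real values. Firewall policies deny anything that matches no policy, but traffic to the FortiGate itself that matches no local-in policy is accepted, so the local-in section needs an explicit deny after the accept.

```text
# Placeholder MAC address object (constructed example value)
config firewall address
    edit "allowed-host-mac"
        set type mac
        set macaddr 00:11:22:33:44:55
    next
end

# Traffic through the FortiGate: only the allowed MAC may pass;
# everything else is dropped by the implicit deny policy
config firewall policy
    edit 0
        set name "lan-to-wan-allowed-mac"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "allowed-host-mac"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Traffic to the FortiGate: accept the allowed MAC, then deny the rest
# (without the deny, unmatched local-in traffic is accepted by default)
config firewall local-in-policy
    edit 1
        set intf "port2"
        set srcaddr "allowed-host-mac"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action deny
    next
end
```

If a poisoned host starts answering with an untrusted MAC, its packets no longer match allowed-host-mac and are dropped by both sections, which is the denial-of-service outcome the article warns about.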