Description | This article describes the ARP Cache Poisoning message and the options available on FortiGate and FortiSwitch for mitigating ARP poisoning attacks. |
Scope | FortiGate 6.x, 7.x. |
Solution |
While FortiGate can assist with mitigating ARP poisoning attacks, the primary control lives on the FortiSwitch. Protection against this class of attack is normally done at the switch level by enabling Dynamic ARP Inspection (DAI), which validates incoming ARP packets against the known IP-to-MAC bindings (typically the DHCP snooping table) and drops ARP replies that do not match.
Refer to the FortiSwitch documentation for the DAI configuration. The FortiGate itself can still block traffic resulting from an ARP poisoning attack by restricting the allowed source MAC addresses: a firewall policy covers traffic going through the FortiGate, and a firewall local-in policy covers traffic destined to the FortiGate itself. Both reference address objects that contain only the MAC addresses that are explicitly allowed.
Even with this in place, an ARP poisoning attack can still succeed on the local segment; what changes is its effect. The attack is a man-in-the-middle: the poisoned hosts send their traffic to the attacker's host, which forwards it on with its own, untrusted, MAC address as the source. Since that MAC is not on the allow list, the firewall drops the traffic, and the legitimate hosts are blocked. The attack is therefore converted from interception into a denial of service, which is why the MAC restriction should be seen as a containment measure and DAI on the switch as the actual fix.
See this article for instructions on how to block based on MAC addresses. |
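The following is an added, constructed FortiOS CLI example (not taken from this article or from Fortinet documentation) of the MAC-based restriction described above. The interface names `internal` and `wan1`, the MAC addresses, the object names and the policy IDs are placeholders chosen for illustration. The `set macaddr` syntax for MAC-type address objects is the FortiOS 7.x form; 6.x releases express the same object with `set start-mac` / `set end-mac`, so check the syntax against the running version. Note the explicit deny in the local-in policy: unlike firewall policies, local-in policies have no implicit deny, so without it any source MAC would still be able to reach the FortiGate's own services.

```fortios
# Constructed example: two trusted hosts on the "internal" interface.
config firewall address
    edit "host-pc01-mac"
        set type mac
        set macaddr 00:11:22:33:44:55
    next
    edit "host-pc02-mac"
        set type mac
        set macaddr 00:11:22:33:44:66
    next
end

# Traffic THROUGH the FortiGate: only the trusted MACs may reach wan1.
# Anything else from "internal" is dropped by the implicit deny.
config firewall policy
    edit 10
        set name "trusted-macs-to-wan"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "host-pc01-mac" "host-pc02-mac"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set logtraffic all
    next
end

# Traffic TO the FortiGate itself (management, DNS, DHCP, ...).
# Policy 1 accepts the trusted MACs; policy 2 is the explicit deny
# for every other source, since local-in policies have no implicit deny.
config firewall local-in-policy
    edit 1
        set intf "internal"
        set srcaddr "host-pc01-mac" "host-pc02-mac"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set schedule "always"
    next
    edit 2
        set intf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set service "ALL"
        set schedule "always"
    next
end
```

With `logtraffic all` on policy 10, a poisoning event on the segment shows up as denied sessions whose source MAC is the attacker's rather than the poisoned host's, which is the denial-of-service symptom described above and a useful indicator that DAI on the switch is missing or misconfigured.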
Copyright 2024 Fortinet, Inc. All Rights Reserved.