Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
msanjaypadma
Staff
Staff

Created on ‎06-03-2025 10:53 PM Edited on ‎12-05-2025 01:19 AM By Community Manager

Article Id 394682

Troubleshooting Tip: MAC Address Check Failure When Connecting via SSL VPN

Description

 

This article describes how to troubleshoot MAC Address Check failures when connecting through SSL VPN.

 

Scope

 

FortiGate.

 

Solution

 

If users can log in to SSL VPN without having their MAC addresses allowed in the SSL web portal, it may be due to incorrect MAC addresses being permitted. 

Ensure that the following MAC addresses are not added. Otherwise, remove them from the SSL web portal: '00:09:0F:FE:00:01 and 00:09:0f:aa:00:01'.

 

config vpn ssl web portal

    edit <portal_name>  

     config mac-addr-check-rule

         edit <rule_name>

             unselect mac-addr-list [address] <-----

         next

     end

    next

end

 

If the issue persists, verify that the user is authenticated through the correct authentication portal that has the MAC address check rule enabled.

 

To verify the user is authenticated to the correct portal, use the below debug command :

 

diagnose debug reset

diagnose vpn ssl debug-filter src-addr4 x.x.x.x   ------------------> Client public IP.

diagnose debug application sslvpn -1

diagnose debug enable

 

To stop the debug :

 

diagnose debug disable

532
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2026 Fortinet, Inc. All Rights Reserved.