FortiGate
cravikumar
Staff
Article Id 241005
Description

This article describes the situation where traffic does not match a firewall policy that is filtered by source MAC address.

[Screenshot: cravikumar_0-1672075832355.png]

Scope

FortiGate.
Solution

- Make sure the correct MAC address is entered.

- To check the MAC address on the PC, open a command prompt and run 'ipconfig /all'.

[Screenshot: cravikumar_1-1672075868038.png]

- Go to Policy & Objects -> Addresses and check the MAC address object.

[Screenshot: cravikumar_2-1672075868039.png]

- Add the 'PC-MAC' address object to the firewall policy.

[Screenshot: cravikumar_3-1672075868043.png]

- Then go to Network -> Diagnostics -> Packet Capture and apply the filter as follows.

[Screenshot: cravikumar_4-1672075868045.png]

- Capture traffic on the incoming interface of the firewall and filter on the PC's IP address.

- Download the pcap file and check the source MAC address of the captured frames.

[Screenshot: cravikumar_5-1672075868046.png]

- The source MAC address is different from the PC's MAC address.

- If there is an L3 switch between the PC and the FortiGate, it rewrites the source MAC address with its own (the Ethernet header is replaced at each routed hop), so a policy filtered by the PC's MAC address cannot match.
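As an added worked example (not part of the article), the check from the last steps done programmatically: parse the downloaded pcap, collect the source MACs of frames whose source IP is the PC's, and compare them with the PC's real MAC. The pcap, IPs and MACs below are constructed sample data; a mismatch is the signature of the routed hop described above.

```python
import socket
import struct

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_frame(src_mac, src_ip, dst_mac="00:09:0f:00:00:01", dst_ip="192.168.20.5"):
    """Minimal Ethernet II + IPv4 header (no payload); checksum left at zero."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

def build_pcap(frames):
    """Classic libpcap file: 24-byte global header (linktype 1 = Ethernet) + records."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return hdr + recs

def source_macs_for_ip(pcap, ip):
    """Return the set of source MACs seen on IPv4 frames whose source IP is `ip`."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off, seen = 24, set()
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet II
        if socket.inet_ntoa(frame[26:30]) == ip:      # IPv4 source address
            seen.add(":".join(f"{b:02x}" for b in frame[6:12]))  # Ethernet source MAC
    return seen

def mac_filter_will_match(pcap, pc_ip, pc_mac):
    """True only if every frame from the PC's IP still carries the PC's own MAC."""
    seen = source_macs_for_ip(pcap, pc_ip)
    return bool(seen) and seen == {pc_mac.lower()}

# Constructed sample values (not from the article).
PC_IP, PC_MAC = "192.168.10.20", "aa:bb:cc:dd:ee:01"
L3_SWITCH_MAC = "00:11:22:33:44:55"   # MAC the routed hop presents instead of the PC's

DIRECT_PCAP = build_pcap([build_frame(PC_MAC, PC_IP)])         # PC on the same L2 segment
ROUTED_PCAP = build_pcap([build_frame(L3_SWITCH_MAC, PC_IP)])  # PC behind an L3 switch

if __name__ == "__main__":
    for name, cap in (("direct", DIRECT_PCAP), ("routed", ROUTED_PCAP)):
        print(name, sorted(source_macs_for_ip(cap, PC_IP)), mac_filter_will_match(cap, PC_IP, PC_MAC))
```

Point the same functions at the pcap downloaded from the FortiGate instead of the constructed bytes: if `mac_filter_will_match` is False, the frames arriving on the incoming interface do not carry the PC's MAC and a MAC-based policy cannot match them.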

Related document:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-the-MAC-address-based-polici...