Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
firewalled
New Contributor

Created on ‎04-23-2018 03:12 AM

Cisco SG300 and Fortigate 90D integration

I need help in setting up my network, currently I have the following setup.

 

All the computers can browse the internet but when I tried to create a two groups (a group that can access the internet and a group that can't access the internet) using Device MAC Access Control but to no avail still all the computers can access the internet. I follow the instructions in the Fortigate Cookbook (FORTI OS 5.4), Fortigate seems cannot recognize/identify MAC Addreses of the computers int the network.

NET.jpg
Preview file
107 KB
Labels:
3610
0 Kudos
1 REPLY 1
localhost
Contributor III

Created on ‎04-23-2018 03:41 AM

Since your switch is doing the routing, source mac address will always be your switch (192.168.1.2).

 

Some options you have:

- Move the routing to the fortigate. Keep the switch just as a layer 2 device. Then you can use MAC addresses in your policy.

- Assign static ip, or dhcp reservations and use IP addresses in your policy.

- Use FSSO

1368
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.