Does FortiGate have any MAC Security features?
Hi,
Is there any rule or feature that can be used to enforce security for MAC addresses?
Hello
Sure!
FortiGate has a built-in NAC, where you can specify a MAC address in a NAC policy.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/830632/nac
On the other hand, FortiGate can use MAC addresses as address objects in your firewall rules if needed.
Hello
You can also configure a sticky MAC address. Protect the switch and the whole network when combined with MAC-learning-limit against security attacks such as Layer 2 DoS and overflow attacks.
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/485133/mac-address-based-policies
Regards
Verender
Thank you very much @KumarV. Please could you tell me if device detection must be enabled on every interface to enforce MAC address-based IPv4 policies? The article does not explain this but the one below from salemneaz does require device detection to be enabled.
Hi, you can create a MAC address filter at the FortiGate. Take a look at the article reference given below:
Hi jefazo92,
Not sure if it applies to your environment, but you might also be interested in the MAC address check for remote hosts connecting through SSL VPN.
Aside from OS and Host check, FortiGate can also perform a MAC address check on the remote host.
Regards
