Hi,
Is there any rule or feature that can be used to enforce security for MAC addresses?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello
Sure!
FortiGate has a built in NAC, where you can specify MAC address in NAC policy.
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/830632/nac
On the other hand FortiGate can use MAC addresses as address objects in your firewall rules if needed.
Hello
You can also configure sticky MAC address. Protect the switch and the whole network when combined with MAC-learning-limit against security attacks such as Layer 2 DoS and overflow attacks.
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/485133/mac-address-based-policies
Regards
Verender
Thank you very much @KumarV. Please could you tell me if device detection must be enable on every interface to enforce MAC address-based IPV4 policies? The article does not explain this but the one below from salemneaz does require device detection to be enabled.
Hi, you can create MAC address filter at the FortiGate, take a look at the article reference given below;
Hi jefazo92,
not sure if it applies to your environment but you might also be interested in MAC address check for remote hosts connecting through sslvpn.
Aside from OS and Host check, FortiGate can also perform a MAC address check on the remote host.
Regards
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.