"Hello everyone,
Currently, my company is using a Cisco 5525x FMC firewall system. In the near future, I am considering migrating to a Fortigate firewall system. However, I’ve encountered an issue that I haven't been able to resolve: when standing on the Fortigate firewall, I can't see the MAC address, domain users, or the OS of the devices. I know that using the firewall as the gateway could resolve this issue, and since the company’s system is relatively small, I have configured it this way—allowing the firewall to manage and detect all devices it scans. But that setup only works for smaller systems.
For larger systems, I’m not sure if the firewall would be more powerful than the core switch. Therefore, I’ve set the core switch to handle IP address assignment, with the gateway being provided by the core. As a result, my internal users don't pass through the firewall when accessing the server for work, making the process faster. However, when users browse the internet or when I want to block devices by MAC address, this doesn’t seem to work.
Does anyone have a solution for this issue?
- My system consists of a core switch that creates VLANs, assigns DHCP, and provides static routes to the firewall. The firewall then routes the VLANs for communication and performs NAT so they can connect to the internet and VPN to other sites via Peplink. The problem is that the firewall cannot identify users, MAC addresses, or OS if the core switch handles routing.
If the gateway of the hosts resides on the L3 switch, the host's MAC information is discarded when the packet is routed from the switch to the FGT. This is a limitation of the network design and you can't change it from the FGT perspective.
In this setup you can try to explore and implement FSSO, which is able to tie domain users (groups) to their IPs that can later be used in firewall policies.
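The reply above makes two points: a routed hop rewrites the Ethernet header, so the FortiGate only ever sees the core switch's MAC, and an IP-to-user mapping (the FSSO idea) gives the firewall something it can still match on. The following is an added illustration, not code from the thread or from Fortinet: a constructed simulation of one frame crossing the two designs (firewall as gateway versus L3 core as gateway). All MAC and IP addresses, user names, groups and the `FSSO_SESSIONS` table are made up for the example.

```python
"""Constructed simulation (not FortiGate code): why a firewall behind an L3
core switch sees the switch's MAC instead of the host's, and why an IP-to-user
mapping (the FSSO idea) still lets a policy key on identity.

Every address, name and group below is a made-up placeholder.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    """Minimal Ethernet + IP view of a packet."""
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str


# Hypothetical addresses for the illustration.
HOST_MAC = "aa:bb:cc:00:00:01"
HOST_IP = "10.10.1.50"
CORE_SVI_MAC = "00:11:22:00:01:01"     # core switch VLAN interface (host's gateway)
CORE_UPLINK_MAC = "00:11:22:00:ff:01"  # core switch interface facing the FortiGate
FGT_INSIDE_MAC = "00:09:0f:aa:00:01"   # FortiGate inside interface

# FSSO-style session table (constructed): IP -> (user, group), as the firewall
# would learn it from the domain rather than from the packets themselves.
FSSO_SESSIONS = {
    "10.10.1.50": ("alice", "Sales"),
    "10.10.1.51": ("bob", "Engineering"),
}


def host_send(dst_ip: str, gateway_mac: str) -> Frame:
    """A host sending off-subnet frames the packet to its gateway's MAC."""
    return Frame(HOST_MAC, gateway_mac, HOST_IP, dst_ip)


def l3_switch_route(frame: Frame, egress_mac: str, next_hop_mac: str) -> Frame:
    """A routing hop keeps the IP header but rewrites the Ethernet header.
    After this step the host's MAC is gone; only the source IP identifies it."""
    return replace(frame, src_mac=egress_mac, dst_mac=next_hop_mac)


def firewall_view(frame: Frame) -> dict:
    """What the FortiGate can observe on its inside interface."""
    return {"mac": frame.src_mac, "ip": frame.src_ip}


def policy_decision(frame: Frame, blocked_macs: set, allowed_groups: set) -> str:
    """First a MAC-based rule, then an FSSO-style group rule on the source IP."""
    view = firewall_view(frame)
    if view["mac"] in blocked_macs:
        return "deny(mac)"
    session = FSSO_SESSIONS.get(view["ip"])
    if session is None:
        return "deny(unknown-user)"
    return "allow" if session[1] in allowed_groups else "deny(group)"


def scenario(firewall_is_gateway: bool) -> dict:
    """Run one outbound frame through either design and report what the
    firewall sees and whether each kind of policy still works."""
    dst_ip = "203.0.113.10"  # constructed external destination (TEST-NET-3)
    if firewall_is_gateway:
        # Same L2 segment: the frame reaches the FortiGate untouched.
        frame = host_send(dst_ip, FGT_INSIDE_MAC)
    else:
        # Gateway on the core: the frame is routed, and the L2 header rewritten.
        frame = host_send(dst_ip, CORE_SVI_MAC)
        frame = l3_switch_route(frame, CORE_UPLINK_MAC, FGT_INSIDE_MAC)
    return {
        "seen": firewall_view(frame),
        "mac_block_works": policy_decision(frame, {HOST_MAC}, {"Sales"}) == "deny(mac)",
        "fsso_decision": policy_decision(frame, set(), {"Sales"}),
    }


if __name__ == "__main__":
    for design, flag in (("firewall as gateway", True), ("core switch as gateway", False)):
        print(design, scenario(flag))
```

Running it shows the firewall-as-gateway case reporting the host's own MAC, while the routed case reports the core switch's uplink MAC for every host, so a MAC-based block never matches there; the FSSO-style lookup on the source IP still reaches an allow/deny decision in both designs, which is why the reply points to FSSO rather than to any FortiGate-side setting.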
Copyright 2024 Fortinet, Inc. All Rights Reserved.