Dear's,
Please suggest how to bind vpn client's IP with MAC address to validate the actual client.
Regards.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
I have found this KB article:
Could you please tell me if it helps?
Regards
Thanks Anthony but our case is little different we have configured client public IP's in foritgate firewall and virtual IP is assigned through Forti client which we have whitelisted. Now we intend to configured the client public IP should be binded with MAC. Dual check verification for connection established i.e MAC and IP both should be matched as client provide us.
Currently we checked multiple ways but unable to find the actual MAC of client's machine.
This article help us but unable to find the MAC of client.
Regards.
Hello,
Oh ok.
Let s continue to find something for helping you :)!
Regards,
I you mean to check connected clients for their MAC addresses as well, then you need MAC address check/rules - https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-host-check-on-SSL-VPN/ta-p/194337?exte...
It works with tunnel mode SSL VPN mode only.
https://docs.fortinet.com/document/fortigate/7.0.2/cli-reference/360620/config-vpn-ssl-web-portal
My (unsolicited) opinion is that it is more pain than gain, a maintenance burden without substantial security benefit (or MAC filtering! Cool, then MAC-changer will fix it right..).
Have you considered client certificate authentication as additional step? This would confine a user to the only PC/laptop/etc which has the certificate installed.
N.B. If you really mean to allocate IP based on MAC address of the client (Forticlient does not assign a new MAC on connection, so you can't control this part), then I've never heard of such service in firewalls, but who knows...
Thanks Yurisk for your valuable input, but we dialup vpn in over environment.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.