lmumbua
New Contributor

How to block Unknown Mac Addresses

Hello,

 

I have a FortiGate 90D. I have been asked by the management to set up policies to block internet access to specific users.

I successfully managed to do this; however, I recently discovered that the users are bypassing the IPv4 policy by MAC spoofing.

Kindly assist on this.

4 REPLIES
orani
Contributor II

You can create devices on your FortiGate with the MACs that you want to allow traffic from, and then create a policy and set the source with attributes all and the MACs you want to allow.

Orestis Nikolaidis

Network Engineer/IT Administrator

lmumbua
New Contributor

I have already done this, although some of the users keep changing the MAC address of their devices.

Therefore the policy will not be useful once they change the MAC address.

OneOfUs
New Contributor III

You may need to do things outside the realm of the firewall like:

  • 802.1x authentication on the wired/wireless network
  • DHCP reservation / filter (Allow / Deny)
  • Sticky MAC on the switch ports
  • HR Policy: termination of offending employees
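
Added example (not part of the original thread and not Fortinet or switch-vendor code): a small Python model of the port-binding and allow-list checks listed in the reply above, showing what each one catches when a device changes its MAC or copies an allowed one. All port names, MAC addresses and events are constructed sample data, and the finding labels are hypothetical names chosen for this example.

```python
# Added example: sticky-MAC style port binding plus an allow list.
# Every port name, MAC address and event here is constructed sample data.
ALLOWED_MACS = {"00:1b:44:11:3a:b7", "00:1b:44:11:3a:c9"}


def normalize(mac):
    """Return a MAC as lower-case, colon-separated hex pairs."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the U/L bit (0x02 in the first octet) is set, which is
    typical of manually set or randomized addresses."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)


def audit(events, allowed=ALLOWED_MACS):
    """Walk (port, mac) observations in order and return findings.

    The first MAC seen on a port is bound to that port, and the first port
    a MAC is seen on is bound to that MAC; later mismatches are reported.
    """
    port_mac, mac_port, findings = {}, {}, []
    for port, raw in events:
        mac = normalize(raw)
        if port_mac.setdefault(port, mac) != mac:
            findings.append((port, mac, "sticky-violation"))
        if mac_port.setdefault(mac, port) != port:
            findings.append((port, mac, "mac-moved"))
        if mac not in allowed:
            findings.append((port, mac, "not-in-allow-list"))
        if is_locally_administered(mac):
            findings.append((port, mac, "locally-administered"))
    return findings


SAMPLE_EVENTS = [
    ("port1", "00-1B-44-11-3A-B7"),
    ("port2", "00:1b:44:11:3a:c9"),
    ("port2", "02:00:5e:10:00:01"),  # device on port2 changed its MAC
    ("port3", "00:1b:44:11:3a:b7"),  # allowed MAC copied onto another port
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(finding)
```

The last sample event passes the allow list because the copied address is an allowed one; only the binding of a MAC to its port flags it.
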
orani
Contributor II

Also, you can try to block through your antivirus the programs that do MAC spoofing.

Orestis Nikolaidis

Network Engineer/IT Administrator
