How to block Unknown Mac Addresses

lmumbua · ‎09-09-2019

Hello,

I have a Fortigate 90D. I have been asked by the management to setup policies to block internet access to specific users.

I successfully managed to do this,however, I recently discovered that the users are bypassing the IPv4 Policy by Mac spoofing.

Kindly assist on this.

orani · ‎09-09-2019

You can create devices on your fortigate with mac's that you want to allow traffic and then create a policy and set the source with attributes all and the mac's you want to allow.

Orestis Nikolaidis

Network Engineer/IT Administrator

lmumbua · ‎09-09-2019

I have already done this. Although some of the users keep changing the Mac address of their devices.

Therefore the policy will not be useful once they change the MAC address

OneOfUs · ‎09-09-2019

You may need to do things outside the realm of the firewall like:

[ul]

802.1x authentication on the wired/wireless network

DHCP reservation / filter (Allow / Deny)

Sticky MAC on the switch ports

HR Policy: termination of offending employees[/ul]

orani · ‎09-09-2019

Also you can try block through your antivirus programs thatdo mac spoofing

Orestis Nikolaidis

Network Engineer/IT Administrator

How to block Unknown Mac Addresses

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website