Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New_Member
New Contributor

Created on ‎02-13-2016 11:11 PM

How to block internet access by Mac address!

Hi all,

I am using fortigate 300C V5.0 .

I want to block internet some Pcs by Mac address,so when i created an policy device identity with Authentication Rules action=Deny,All pcs couldn't access internet.

Kindly help to fix this issues!

Many thanks

 

forti300c.jpg
Preview file
131 KB
35409
0 Kudos
8 REPLIES 8
MrN3ff
New Contributor

Created on ‎02-15-2016 09:03 AM

With v5.2 we've done this a few ways... Only one is leveraging MAC addresses though...

 

Option 1 - (if machine is permanently blocked from internet)

  > Open DHCP monitor > right-click DHCP lease > create/edit IP Reservation > set action "Block"

 

Option 2 - (if you want all users to authenticate - I use this option since we have many users using the same computer so I can't block a certain machines MAC.  Put policies above this policy for internal traffic "ie: intranet sites, services, etc..")

  > Create policy: Internal > Src=DHCP scope/all computers > User Group or User > Internet > All > ALWAYS > All

 

I believe on v5.0 you can find the same settings stated in Option 1 under "System>Network>Interfaces" and look for your internal network handing out DHCP leases (if done locally with Fortigate).  Click the "Advanced.." hyperlink and add MAC addresses with appropriate action. Hope some of this helps.

9051
0 Kudos
Bromont_FTNT
Staff
Staff
In response to MrN3ff

Created on ‎02-16-2016 06:57 AM

Enable "Device Management --> Detect and Identify Devices" on your LAN interface

 

Under User&Device --> Device --> Device definitions create a group of blocked MAC IDs

 

In your firewall policy block the device group you need blocked (scales) but allow ALL

 

 

 

9051
0 Kudos
New_Member
New Contributor
In response to Bromont_FTNT

Created on ‎02-17-2016 07:18 PM

Thanks for your help!

I already configured fortigate follow your advice but still deny all user access internet.

9051
0 Kudos
Bromont_FTNT
Staff
Staff
In response to New_Member

Created on ‎02-18-2016 05:22 AM

According to your screenshot above you DENY for both scales and ALL

9051
0 Kudos
New_Member
New Contributor
In response to Bromont_FTNT

Created on ‎02-19-2016 02:13 AM

I understood!but the second line in the Authentication Rules is default of Fortigate,i could not Edit this rule.

Could you advice me!

9051
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to New_Member

Created on ‎02-19-2016 03:07 AM

Try to add an "ALL-ALL-ACCEPT" rule, and see what happens.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
9052
0 Kudos
nicovon
New Contributor
In response to Bromont_FTNT

Created on ‎03-16-2017 11:52 AM

I need to prevent internet access by mac filtering but not wireless internet connection. I need to block wired internet connection. How I have to perform the rule? I have fortiguard 90d..
9052
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to nicovon

Created on ‎03-19-2017 06:18 AM

You have hijacked a thread that is already over one year old. Please start a thread on your own.

Second, supply sufficient information so that one can help - version of FortiOS, at least.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
9052
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.