How to block mobile phones from connecting to WiFi?
I've blocked many mobile phones from connecting to our wifi via MAC blocking at the DHCP advanced options on Fortigate. But the problem is most of these phones have MAC randomisation turned on, so the next day they're back on my Wifi again.
Is there any other way to block these devices, other that using a whitelist option?
Is there a way to block by hostname? or any other identifier?
How random are the random macs? if the first few octets remain the same you can use a wildcard match in the mac address field. Usually first 6 digits are the vendor code that may not change even when randomising.
Sounds like the problem could be solved differently though, if these devices shouldn't be on the network how are they allowed to authenticate, if its a known shared psk, then perhaps look at using ppsk, or what about using radius so they need to login with AD credentials.
The MAC address is totally different each time. We're a somewhat small office, without any AD. Devices currently connect to WiFI via a single password. We have 4 consumer grade access points of varying brands. I doubt they have PPSK option. I'm trying to do this without additional costs.
Seems like a simple solution, but it's difficult.
Is there no way to block them via hostname? Some articles mention about hostname but don't mention how.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.