Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mmorcali
New Contributor

Created on ‎03-08-2024 05:27 AM

How to block unknown mac address on fortigate software-switch?

Hi,

 

I create a software-switch and enabled DHCP server on it. I spesified the address range and created ip address assigment rules. I want to block unknown mac address. I added mac address - ip address reservetion. But implict rule action is assign ip. How can i change the ubknown mac address actionb to block?

 

 

 

Ekran görüntüsü 2024-03-08 162203.png

Labels:
978
0 Kudos
1 Solution
ozkanaltas
Valued Contributor III

Created on ‎03-08-2024 05:50 AM Edited on ‎03-08-2024 05:50 AM

Hello @mmorcali ,

 

You can easily change implicit rule behavior with a right click. Do Right-click on the implicit rule, and after that select block options in the action menu. 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
970
0 Kudos
5 REPLIES 5
ozkanaltas
Valued Contributor III

Created on ‎03-08-2024 05:50 AM Edited on ‎03-08-2024 05:50 AM

Hello @mmorcali ,

 

You can easily change implicit rule behavior with a right click. Do Right-click on the implicit rule, and after that select block options in the action menu. 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
971
0 Kudos
mmorcali
New Contributor
In response to ozkanaltas

Created on ‎03-08-2024 06:11 AM

I overlooked it. Thank you

958
0 Kudos
mmorcali
New Contributor
In response to ozkanaltas

Created on ‎03-22-2024 05:45 AM

Hello

When dhcp is activated, unknown mac address does not receive ip. It is ok. But when an ip is set in the internal subnet, the device can access the internal network. How do I fix this?

854
0 Kudos
ozkanaltas
Valued Contributor III
In response to mmorcali

Created on ‎03-22-2024 05:51 AM

Hello @mmorcali ,

 

Actually, this request is about the NAC solution. Because of that, you can't do anything with Fortigate.

 

But if your switch is FortiSwitch, Fortigate provides a basic NAC feature with FortiSwitch.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
850
mmorcali
New Contributor
In response to ozkanaltas

Created on ‎03-22-2024 06:56 AM

Ok.

Thank you

835
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.