Hello,
I'm trying to create a MAC address-based policy using the VPN tunnel interface as the incoming interface, but it's not working and it authorizes all MAC addresses of the VPN users.
Do I need a license for this?
Regards,
Hello @Hamza_derbali ,
MAC-address-based policy just works on Layer 2 networks. Because of that, you can't apply a MAC-based policy for SSL-VPN.
Also, I can't see a MAC address object in your screenshot.
Hi @Hamza_derbali,
Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VPN-connections/t...
Regards,
Hello @hbac ,
Thanks, but I've already seen this article. The issue I'm facing now is determining whether the host checker requires an additional license for accurate information. For your information, I'm using FortiClient 7.2.4.
Regards,
Hello @Hamza_derbali ,
I found a document about that. This document shows you can't apply a MAC-based host check with a free client.
Hi @Hamza_derbali,
It is working in my lab. I'm using FortiClient 7.0.9 free version. I configured SSLVPN to deny my MAC address:
```
Atlantis-kvm60 (full-access) # show
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set ipv6-tunnel-mode enable
        set ip-mode user-group
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set ipv6-pools "SSLVPN_TUNNEL_IPv6_ADDR1"
        set mac-addr-check enable
        set mac-addr-action deny
        config mac-addr-check-rule
            edit "1"
                set mac-addr-list 00:53:6d:6f:48:02
            next
        end
    next
end
```
Regards,
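An added example, not part of the thread or Fortinet's own tooling: a small audit of `show` output for `config vpn ssl web portal` that reports, per portal, whether the MAC check is off, a blocklist (`deny`) or an allowlist (`allow`). The "web-only" portal is hypothetical, and the defaults for unset options plus the reading of `deny` as "reject only the listed MACs" are assumptions.

```python
# Constructed sample: the portal from the post plus a hypothetical "web-only"
# portal with no MAC check. Defaults used in audit() are assumptions.
SAMPLE = """\
config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set mac-addr-check enable
        set mac-addr-action deny
        config mac-addr-check-rule
            edit "1"
                set mac-addr-list 00:53:6d:6f:48:02
            next
        end
    next
    edit "web-only"
    next
end
"""

def parse_portals(text):
    """Map portal name -> {'settings': {...}, 'macs': [...]} from `show` output."""
    portals, current, depth, in_portal = {}, None, 0, False
    for line in text.splitlines():
        tok = line.split() or [""]          # blank lines become a no-op token
        if tok[0] == "config":
            depth += 1
            if depth == 1:                  # only the SSL-VPN portal table is audited
                in_portal = tok[1:] == ["vpn", "ssl", "web", "portal"]
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1 and in_portal:
            current = portals.setdefault(tok[1].strip('"'), {"settings": {}, "macs": []})
        elif tok[0] == "set" and in_portal and current is not None and len(tok) > 2:
            if tok[1] == "mac-addr-list":   # lives in the nested mac-addr-check-rule table
                current["macs"] += [m.strip('"').lower() for m in tok[2:]]
            elif depth == 1:                # portal-level options only
                current["settings"][tok[1]] = " ".join(tok[2:])
    return portals

def audit(text):
    """Classify each portal as 'unchecked', 'blocklist' or 'allowlist'."""
    result = {}
    for name, p in parse_portals(text).items():
        check = p["settings"].get("mac-addr-check", "disable")   # assumed default
        action = p["settings"].get("mac-addr-action", "allow")   # assumed default
        mode = "unchecked" if check != "enable" else ("blocklist" if action == "deny" else "allowlist")
        result[name] = (mode, p["macs"])
    return result
```

A portal reported as `blocklist` still admits every MAC that is not listed, which is worth checking when the intent is to restrict access to known devices.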