Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bltv
New Contributor

Mac Address Check on SSL VPN ( mobile devices / macos / windows)

Hi,

 

 I want to do mac address filtering for SSL VPN, I can do this with the codes below, but when a vpn connection is made through the mobile application, it can connect without mac address filtering. How can I solve this situation.

 

# config vpn ssl web portal

    edit <portal_name>

        set mac-addr-check enable

        config mac-addr-check-rule

            edit <rule_name>

                set mac-addr-list <address> [address]

                set mac-addr-mask <mask between 1-48>

            next

        end

        set set mac-addr-action {allow | deny}

    next

end

 

Fortigate version 7.2.2

3 REPLIES 3
knagaraju
Staff
Staff

Hello Bltv,

You need to have an EMS license in for the host check feature to work.

Please refer the below link for the detailed information
https://community.fortinet.com/t5/FortiClient/Technical-Tip-FortiClient-licensing-and-support/ta-p/1...


Regards
Nagaraju.

bltv
New Contributor

Hi,

I have one more question 

Can we prevent mobile devices from connecting?

Christian_89

hello

As Nagaraju already wrote you need a FortiEMS.

To your question only with the Fortigate you can unfortunately not prevent also for this you need a FortiEMS.