Mac Address Check on SSL VPN ( mobile devices / macos / windows)

bltv · ‎06-20-2023

Hi,

I want to do mac address filtering for SSL VPN, I can do this with the codes below, but when a vpn connection is made through the mobile application, it can connect without mac address filtering. How can I solve this situation.

# config vpn ssl web portal

edit <portal_name>

set mac-addr-check enable

config mac-addr-check-rule

edit <rule_name>

set mac-addr-list <address> [address]

set mac-addr-mask <mask between 1-48>

set set mac-addr-action {allow | deny}

Fortigate version 7.2.2

knagaraju · ‎06-20-2023

Hello Bltv,

You need to have an EMS license in for the host check feature to work.

Please refer the below link for the detailed information
https://community.fortinet.com/t5/FortiClient/Technical-Tip-FortiClient-licensing-and-support/ta-p/1...

Regards
Nagaraju.

bltv · ‎06-20-2023

Hi,

I have one more question

Can we prevent mobile devices from connecting?

Christian_89 · ‎06-20-2023

hello

As Nagaraju already wrote you need a FortiEMS.

To your question only with the Fortigate you can unfortunately not prevent also for this you need a FortiEMS.

Mac Address Check on SSL VPN ( mobile devices / macos / windows)

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website