config system dhcp server edit <server_index_int> config reserved-address edit <id_int> set ip <ipv4_addr> set mac <mac_addr>2. make a policy in WebGUI that allows traffic only for this reserved IP' s
FCNSP/WCSP
config firewall ipmacbinding setting set bindthroughfw disable set bindtofw disable endOne other way to employ this is to block a known MAC address: just create an IP-MAC pair with a " foreign" IP address (10.111.111.111) where this IP address is not routed on your LAN (and not known to your FGT in any route). If that host uses any routed, correct IP address in your LAN it' s still blocked at the firewall as the pair doesn' t match. There is just one thing I don' t know (and haven' t tested yet, or forgot): if a MAC used is NOT found in a Reserved IP-MAC pair, is that traffic blocked then?
config firewall ipmacbinding setting... and configuring also
config firewall ipmacbinding tableBut at least MAC filters will not be safe. IP' s and MAC' s are configurable...
FCNSP/WCSP
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.