Maximum MAC support on FortiGate 300E firewall policy

anamulomega · ‎08-17-2024

We would like to enable MAC based internet allow policy for our office premises devices. For kind of your information, We are using the FortiGate 300E firewall supported by you. Please let me know how many devices or MAC can be allowed on the FortiGate 300E firewall.

Anamul Karim

mpeddalla · ‎08-18-2024

Hello @anamulomega ,

Thank you for contacting the Fortinet Forum portal.

From the max table value, it looks like you could only have a maximum of 1000 mac address please check below max table

https://docs.fortinet.com/max-value-table

or In the FortiGate cli type print tablesize it gives list of all max values as below article:

https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiGate-maximum-values-table/ta-p/19247...

Best regards,

Manasa.

If you feel the above steps helped resolve the issue, mark the reply as solved so that other customers can get it easily while searching for similar scenarios.

Manasa

ap · ‎08-18-2024

Hi @anamulomega ,

Please type "print tablesize" on your fortigate 300E CLI and look for "firewall.address:macaddr:" line. It will tell you maximum number of MAC address objects that can be created. However, I was able assign multiple MAC addresses to single (MAC address based) firewall address object during my Lab testing on a Fortigate-VM. Below is the example:

config firewall address
edit "MAC-1"
set uuid fd27b5a2-5da2-51ef-6b29-ff39d1174cc3
set type mac
set macaddr "00:43:68:61:05:02" "00:43:68:61:05:03"
next
end

Maximum value table for FortiOS 7.4.4 and Fortigate 300E shows global limit of 20,000 considering all kind of firewall address objects

Regards,

Ankit

If you have found a solution, please like and accept it to make it easily accessible to others.

Maximum MAC support on FortiGate 300E firewall policy

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website