anamulomega
New Contributor

Maximum MAC support on FortiGate 300E firewall policy

We would like to enable a MAC-based internet allow policy for our office premises devices. For your kind information, we are using the FortiGate 300E firewall supported by you. Please let me know how many devices or MACs can be allowed on the FortiGate 300E firewall.

Anamul Karim
3 REPLIES
jezzy
New Contributor


@anamulomega wrote:

We would like to enable a MAC-based internet allow policy for our office premises devices. For your kind information, we are using the FortiGate 300E firewall supported by you. Please let me know how many devices or MACs can be allowed on the FortiGate 300E firewall.


The FortiGate 300E firewall supports up to 10,000 MAC addresses for MAC-based policies. This allows you to create policies that can accommodate a large number of devices in your office premises. Ensure your firewall's configuration and performance requirements align with this capacity for optimal operation.

mpeddalla
Staff

Hello @anamulomega,

Thank you for contacting the Fortinet Forum portal.

From the max value table, it looks like you could only have a maximum of 1000 MAC addresses. Please check the max value table below:

https://docs.fortinet.com/max-value-table

Or, in the FortiGate CLI, type "print tablesize"; it gives a list of all max values, as described in the article below:

https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiGate-maximum-values-table/ta-p/19247...

Best regards,

Manasa.
ap
Staff

Hi @anamulomega,

Please type "print tablesize" on your FortiGate 300E CLI and look for the "firewall.address:macaddr:" line. It will tell you the maximum number of MAC address objects that can be created. However, I was able to assign multiple MAC addresses to a single (MAC address based) firewall address object during my lab testing on a FortiGate-VM. Below is the example:

config firewall address
    edit "MAC-1"
        set uuid fd27b5a2-5da2-51ef-6b29-ff39d1174cc3
        set type mac
        set macaddr "00:43:68:61:05:02" "00:43:68:61:05:03"
    next
end

The maximum value table for FortiOS 7.4.4 and FortiGate 300E shows a global limit of 20,000 considering all kinds of firewall address objects.

Regards,

Ankit
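
One way to generate the multi-MAC address objects shown in the reply above from a device inventory, as an added example that is not part of the thread or Fortinet's own tooling. The `per_object` and `object_limit` values are assumptions supplied by the operator (the latter read from the "firewall.address:macaddr:" line of print tablesize); the function names and sample MACs are constructed.

```python
import re


def normalize_mac(raw):
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff; return lower-case colon form."""
    digits = re.sub(r"[:\-.]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_mac_objects(macs, per_object, object_limit, prefix="MAC-"):
    """Pack unique MACs into 'type mac' address objects and return CLI text.

    per_object   -- MACs placed in one object (assumption: the thread states
                    no per-object maximum, so the operator chooses this)
    object_limit -- maximum number of objects, as read from 'print tablesize'
    """
    if per_object < 1:
        raise ValueError("per_object must be at least 1")
    # Normalize first so the same MAC in two notations is deduplicated.
    unique = list(dict.fromkeys(normalize_mac(m) for m in macs))
    groups = [unique[i:i + per_object] for i in range(0, len(unique), per_object)]
    if len(groups) > object_limit:
        raise ValueError(f"{len(groups)} objects needed, limit is {object_limit}")
    lines = ["config firewall address"]
    for n, group in enumerate(groups, start=1):
        # 'set uuid' is left out on the assumption that FortiOS assigns one.
        lines.append(f'    edit "{prefix}{n}"')
        lines.append("        set type mac")
        lines.append("        set macaddr " + " ".join(f'"{m}"' for m in group))
        lines.append("    next")
    lines.append("end")
    return "\n".join(lines)


# Constructed sample inventory: mixed notations and one duplicate entry.
SAMPLE = [
    "00:43:68:61:05:02",
    "00-43-68-61-05-03",
    "0043.6861.0504",
    "00:43:68:61:05:02",
]

if __name__ == "__main__":
    print(build_mac_objects(SAMPLE, per_object=2, object_limit=1000))
```

Review the generated text before pasting it into the CLI, and compare the resulting object count against the value your own device reports.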
