Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tyler_Durdan
New Contributor

Separate web filtering for MAC Device group possible?

I have a FG100D that we would like to enable separate web filtering criteria for a group of devices.

example: We have 10 tablets in a kids area and 20 PC's in an adult area all using the same wireless SSID and going through the firewall. We want the adults PC's to be able to be open to almost all content but would like the 10 tablets to be highly filtered and limit the content or go through Google Safe Search.

 

I know how to create a User Group based on MAC addresses, but is there a way to put separate filters on that group? I am open to other ideas as well.

2 REPLIES 2
_aey_
New Contributor

Hi,

 

You can create multiple web filter profile. Under System>Feature Visibility you should enable "Multiple Interface Policies". Then under Security Profiles>Web Filter in the right side click plus(+) icon.

 

After create a new profile, you can use this profile in the policy. In the source part you can use Device Category. But before use device category you should enable device detection feature in the incoming interface.

 

Dave_Hall
Honored Contributor

@Steve (aka Tyler):

 

You can create/use different web filter polices on the same subnet - just create a firewall policy using the source (all) and device group (directed to your WAN connection).  Apply any UTM profile/features on this firewall policy then move this firewall policy up in the firewall chain so it is processed. 

 

Alternately, just create a second or separate wifi network that has different UTM profiles applied to the traffic.  This approach does not require the need to reserve device mac addresses  - you can have one for "staff only" and another for "students only".  And if need be, you can lock down or restrict the "staff only" wifi to known devices (mac addresses).

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors