Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sandy123
New Contributor

how to block android mobiles using internet

Hello friends

i am trying to block android mobiles from accessing internet but nothing is working out. Can anyone help me please. I have also tried fallowing the bellow link but it's not working.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Usage-of-application-control-to-block-Mobi...

SP
SP
8 REPLIES 8
ebilcari
Staff
Staff

Kindly take a look at this article for MAC address filter from device identification: 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-how-to-create-the-MAC-address-filter-from-...

or NAC policies:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-FortiGate-to-detect-Hikvision-IP-Cam...

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
sandy123

Hello Emijon,

Thanks for your reply the mac based filtering is working fine but what my company wants is that blocking the device directly on wifi like android phone. So it is possible to do it without mac based filter ?

For NAC i don't have forti witches.

 

Regards,

Sandeep

SP
SP
kgeorge
Staff
Staff

Hello Sandy,

 

Did you try the same thing with Deep Inspection in the Firewall Policy,

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Usage-of-application-control-to-block-Mobi...

 

Kindly try if not done yet as it mostly works.

 

Regards,

Klint George

Regards,
Klint George
sandy123

Hello Klint,

I tried i but it dosen't work after applying this policy the android users are still able to access the internet

 

Regards,

Sandeep

SP
SP
gfleming
Staff
Staff

You're going to need a full-blown NAC solution for this. Yes you can probably block based on MAC address but Android is an operating system that runs on many many many types of devices.

 

If you have FortiSwitches you could try FortiLink NAC. See here for more details: https://docs.fortinet.com/document/fortiswitch/7.2.4/fortilink-guide/173271/fortiswitch-network-acce...

 

You can detect OS with this. But again it might not be as effective as full-blown NAC like FortiNAC.

Cheers,
Graham
sandy123

Hello Graham,

Thanks for your reply but sadly i don't have forti switches

 

Regards,

Sandeep

SP
SP
gfleming

Then to do what you want you need FortiNAC. A NAC solution will actively profile every device that connects to your network and determine what kind of device it is. Using policies you can effectively block all Android devices from joining you network using NAC.

 

There's really no way else around it.

Cheers,
Graham
Johnharper
New Contributor III

Simply go to the App info page of that particular app and select the Restrict Data Usage option. 2. A pop-up will open with Wi-Fi and Mobile Data options, you can disable both to completely block the app to use the internet.

Labels
Top Kudoed Authors