Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shcee0
New Contributor II

Created on ‎06-21-2023 12:33 AM

mac addressed-based policy is works on fortigate 200E 6.4.11?

hello, 

My company uses Fortigate 200E equipment and the version is 6.4.11.
Forticare support is the only license that is active, and IPS, Antivirus, and Web filtering are not licensed.

I want to control the VPN connect that accesses based on the Mac address.

Can I make a policy based on Mac address without a separate license?

 

I think the Mac address-based access control policy does not require any license from various sources,

but I asked because it is an environment where testing is not possible. Please give us a lot of help.

 

thank you.

Labels:
2573
0 Kudos
1 Solution
rmreddy
Staff
Staff

Created on ‎06-21-2023 08:37 PM

Hi,

As you are configuring for SSLVPN using MAC based

Please follow the below link for your reference how to restrict VPN based on MAC address.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-Address-check-on-SSL-VPN-connections/t...

However, follow the below link regarding the MAC binding supported platforms for your reference.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-client-MAC-binding-supported-platf...

 

If you are using forticlient below v6.2, then license is not required, however if you are using above v6.2 EMS license is reauired.
Please go through the link provided regarding MAC supported platform.

View solution in original post

2474
9 REPLIES 9
rmreddy
Staff
Staff

Created on ‎06-21-2023 03:27 AM

Hi,

Please follow the below link for your reference how to restrict VPN based on MAC address.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-Address-check-on-SSL-VPN-connections/t...

However, follow the below link regarding the MAC binding supported platforms for your reference.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-client-MAC-binding-supported-platf...

2554
0 Kudos
shcee0
New Contributor II
In response to rmreddy

Created on ‎06-21-2023 06:45 PM Edited on ‎06-21-2023 06:53 PM

Mac-based access control requires a license.

but I couldn't find the license information for the 6.4 version.

 
2505
0 Kudos
srajeswaran
Staff
Staff

Created on ‎06-21-2023 03:30 AM

Hello @shcee0 ,

MAC address based policies don't need any special licensing.

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-the-MAC-address-based-polici...
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/485133/mac-address-based-policies

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
2550
0 Kudos
shcee0
New Contributor II
In response to srajeswaran

Created on ‎06-21-2023 06:46 PM Edited on ‎06-21-2023 07:23 PM

That method(link) is incorrect. If I only insert a mac object, the following message prevents me from creating a policy : One user or group is required. Therefore, I must add at least one account(user). I did, but this is only working on my account base, not on my actual Mac address base.

 

이미지 2.png

2503
0 Kudos
rmreddy
Staff
Staff

Created on ‎06-21-2023 03:33 AM

Hi,

However, if you are looking for normal IPV4 policy, you can refer the below link for your reference where special licensing is not required.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-the-MAC-address-based-polici...
https://docs.fortinet.com/document/fortigate/6.2.0/new-features/485133/mac-address-based-policies

2548
0 Kudos
shcee0
New Contributor II
In response to rmreddy

Created on ‎06-21-2023 06:50 PM Edited on ‎06-21-2023 07:23 PM

That method(link) is incorrect. If I only insert a mac object, the following message prevents me from creating a policy : One user or group is required. Therefore, I must add at least one account(user). I did, but this is only working on my account base, not on my actual Mac address base.

 

이미지 2.png

2501
0 Kudos
shcee0
New Contributor II

Created on ‎06-21-2023 06:49 PM

I don't know which information to believe.
Whether a license is required or not.

2502
0 Kudos
rmreddy
Staff
Staff

Created on ‎06-21-2023 08:37 PM

Hi,

As you are configuring for SSLVPN using MAC based

Please follow the below link for your reference how to restrict VPN based on MAC address.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-Address-check-on-SSL-VPN-connections/t...

However, follow the below link regarding the MAC binding supported platforms for your reference.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-SSL-VPN-client-MAC-binding-supported-platf...

 

If you are using forticlient below v6.2, then license is not required, however if you are using above v6.2 EMS license is reauired.
Please go through the link provided regarding MAC supported platform.

2475
shcee0
New Contributor II
In response to rmreddy

Created on ‎06-21-2023 09:48 PM

then... you mean i need license.

thank you. 

2468
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.