num of MAC address limit in SSL VPN filtering
When we configure this SSL VPN MAC address filtering, what system limit would dictate the max number of MAC addresses we can configure on an FGT (no vdom/multi-vdom)?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VPN-connections/t...
The max value table doesn't seem to have the exact matching object.
https://docs.fortinet.com/max-value-table
Toshi
Hi @Toshi_Esumi,
Yes, https://docs.fortinet.com/max-value-table doesn't show that information. However, you can run 'print tablesize' command and look for the following lines:
vpn.ssl.web.portal:mac-addr-check-rule: 0 0 0
vpn.ssl.web.portal:mac-addr-check-rule:mac-addr-list: 0 0 0
For more information, please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiGate-maximum-values-table/ta-p/19247...
Regards,
Not sure why 'grep' doesn't work for this command, but I got the same all '0's on our multi-vdom 1500D as well. I guess '0' means no hard limit.
The explanation in the KB for the first number says the following, but it is not clear to me.
"1) The first number refers to the maximum number allowed for the child table in its parent entry."
Could you elaborate a little more?
Toshi
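An added example, not part of the thread and not Fortinet code: because the post above reports that 'grep' does not filter this command, one option is to capture the 'print tablesize' output from a terminal session and filter it offline. The sketch assumes each entry has the form "path: n n n" as quoted in the thread; the function names and the "example." sample lines are made up for illustration.

```python
import re

# Constructed capture of 'print tablesize' output. The two vpn.ssl lines are
# the ones quoted in the thread; the 'example.' lines are invented samples.
SAMPLE = (
    "FGT # print tablesize\r\n"
    "example.parent: 0 10 20\r\n"
    "example.parent:child: 5 0 0\r\n"
    "vpn.ssl.web.portal:mac-addr-check-rule: 0 0 0\r\n"
    "vpn.ssl.web.portal:mac-addr-check-rule:mac-addr-list: 0 0 0\r\n"
)

# The object path may itself contain ':' (parent:child), so the path is matched
# lazily and the separator is the colon that is followed by whitespace.
ENTRY_RE = re.compile(r"^\s*([A-Za-z0-9_.:-]+?):\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_tablesize(text):
    """Return {object_path: (first, second, third)} for every entry line.

    Prompt lines, blank lines and anything else that is not an entry are
    skipped. splitlines() copes with the CRLF endings of terminal captures.
    """
    table = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            path, first, second, third = match.groups()
            table[path] = (int(first), int(second), int(third))
    return table


def select(table, prefix):
    """Offline stand-in for grep: keep entries whose path starts with prefix."""
    return {path: nums for path, nums in table.items() if path.startswith(prefix)}


if __name__ == "__main__":
    wanted = select(parse_tablesize(SAMPLE), "vpn.ssl.web.portal:mac-addr-check-rule")
    for path, (first, second, third) in wanted.items():
        # Per the KB sentence quoted in the thread, the first number is the
        # maximum allowed for the child table in its parent entry.
        print(f"{path}: first={first} second={second} third={third}")
```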
Does anyone have the answer about the meaning of the first number, especially for the meaning of the "child table" and the "parent table"?
Toshi
If you refer to this line "vpn.ssl.web.portal:mac-addr-check-rule: 0 0 0", I believe the first number means number of entries you can create under "mac-addr-check-rule".
# config vpn ssl web portal
# edit full-access
# config mac-addr-check-rule <<< Parent table.
# edit 1 <<< Child table.
Regards,
Ok, I see the meaning now. This particular one is actually the child table is "edit <name>" though. But the same concept would apply.
Thank you for explaining it @hbac
Toshi
This is good to know, thank you. We are restricting our enterprise apps to be able to be accessed only if you are on our internal network with an SSO provider. It is working. We have restricted the login from our SSO to only let the user log in if they are inside our network. When we do "what is my ip" the entire company gets the same public IP https://mobdro.bio/