When we configure this SSL VPN MAC address filtering, what system limit would dictate the max number of MAC addresses we can configure on an FGT (no vdom/multi-vdom)?
https://community.fortinet.com/t5/FortiGate/Technical-Tip-MAC-address-check-on-SSL-VPN-connections/t...
The max value table doesn't seem to have the exact matching object.
https://docs.fortinet.com/max-value-table
Toshi
Hi @Toshi_Esumi,
Yes, https://docs.fortinet.com/max-value-table doesn't show that information. However, you can run the 'print tablesize' command and look for the following lines:
vpn.ssl.web.portal:mac-addr-check-rule: 0 0 0
vpn.ssl.web.portal:mac-addr-check-rule:mac-addr-list: 0 0 0
For more information, please refer to https://community.fortinet.com/t5/FortiGate/Technical-Note-FortiGate-maximum-values-table/ta-p/19247...
Regards,
Not sure why 'grep' doesn't work for this command, but I got the same all '0's on our multi-vdom 1500D as well. I guess '0' means no hard limit.
The explanation in the KB for the first number says the following, but it is not clear to me.
"1) The first number refers to the maximum number allowed for the child table in its parent entry."
Could you elaborate a little more?
Toshi
Does anyone have the answer about the meaning of the first number, especially the meaning of the "child table" and the "parent table"?
Toshi
If you refer to this line "vpn.ssl.web.portal:mac-addr-check-rule: 0 0 0", I believe the first number means the number of entries you can create under "mac-addr-check-rule".
# config vpn ssl web portal
# edit full-access
# config mac-addr-check-rule <<< Parent table.
# edit 1 <<< Child table.
Regards,
OK, I see the meaning now. For this particular one, the child table is actually "edit <name>", though. But the same concept would apply.
Thank you for explaining it, @hbac.
Toshi
This is good to know, thank you. We are restricting our enterprise apps to be able to be accessed only if you are on our internal network with an SSO provider. It is working. We have restricted the login from our SSO to only let the user log in if they are inside our network. When we do "what is my ip", the entire company gets the same public IP https://mobdro.bio/
Copyright 2024 Fortinet, Inc. All Rights Reserved.