Solved

Fortigate 80 block MAC address

Posted on 2012-04-01
Last Modified: 2013-04-24
Hi guys,

How do I block a MAC address in Fortigate?

Thx
Question by:IT_Group1
12 Comments
 
LVL 22

Expert Comment

by:eeRoot
ID: 37794118
What model do you have, and what software version is it running?
0
 

Author Comment

by:IT_Group1
ID: 37794836
Hi,

Fortigate 80c - Firmware version: v4.0,build0320,110419 (MR2 Patch 6)

Thx
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 37795413
Block MAC address for spoofing or bind MAC address:

Go to System > DHCP Server > Address Leases

You will find the MAC option there.
And from CLI mode:

config system dhcp ipmacbinding
config system dhcp reserved-address
    edit <name_str>
        set ip <address_ipv4>
        set mac <address_hex>
        set type {regular | ipsec}
    end

Please revert for further clarification.
0

 

Author Comment

by:IT_Group1
ID: 37795936
diprajbasu Thx.

Does it matter that the Fortigate isn't the DHCP server in this organization?
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 37796113
Please let me know one thing: what is your exact objective? Or what else do you want to do?
Blocking the MAC address for what purpose?
0
 
LVL 4

Expert Comment

by:iworks-uworks
ID: 37796204
Are you just trying to block a specific device from accessing the internet through the Fortigate?
0
 

Author Comment

by:IT_Group1
ID: 37796426
Exactly right.
I managed to do it by blocking his IP, but since it's from a DHCP pool, I prefer to REALLY block the guy by using MAC.

Thx
0
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 37796685
I think you require NTLM or LDAP authentication, if the DHCP pool is being released from some separate server.
Do NTLM or LDAP authentication to the Fortigate from your server.
I think creating a DHCP pool in the Fortigate will not be possible in your network.
So it is better to go for NTLM or LDAP authentication, so the Fortigate will synchronize with the server.
0
 

Author Comment

by:IT_Group1
ID: 37799605
Hi,

And if the FG syncs with the server via LDAP, how will it help us in blocking this naughty MAC?

Thx
0
 
LVL 4

Accepted Solution

by:
iworks-uworks earned 2000 total points
ID: 37800883
If your server is passing out DHCP, just tie a specific IP to that MAC address in the DHCP server and as long as the user doesn't have admin rights you are good to go.
0
 

Author Comment

by:IT_Group1
ID: 37805387
Thx bro.
Just to be sure we're on the same page here:
1. I create an LDAP connection between the FG and the DC
2. I use the syntax you've sent me, and block the MAC
3. As long as the user keeps the same MAC, even with a different IP address from the DC DHCP, the FG will be able to block the little wanker..!

Please approve, and I'll commit those changes.

Many thx
0
 
LVL 1

Expert Comment

by:stadmin
ID: 39107865
Hi,


The MAC binding at System -> DHCP Server only reserves the IP from the DHCP lease. In this case, any system can access the internet if the user configures an allowed IP statically.
Is there a way to allow only trusted MACs, like the MAC filtering option we get in any lower-end wireless router?

Thanks
0
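
The gap raised in the last comment, where a host whose reserved IP is blocked simply configures a different static address, can be detected by comparing a neighbor (ARP) table against the DHCP reservations. This is an added example, not part of the original thread; the `ip neigh`-style sample lines, the addresses and the function names are constructed for illustration.

```python
import re

def norm_mac(mac):
    """Normalize aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to lowercase colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_neigh(text):
    """Yield (ip, mac) from `ip neigh`-style lines; entries with no lladdr are skipped."""
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+dev\s+\S+\s+lladdr\s+(\S+)", line)
        if m:
            yield m.group(1), norm_mac(m.group(2))

def audit(neigh_text, reservations, blocked_ips):
    """reservations: {mac: reserved_ip}; blocked_ips: IPs denied by firewall policy."""
    res = {norm_mac(mac): ip for mac, ip in reservations.items()}
    owners = {ip: mac for mac, ip in res.items()}
    findings = []
    for ip, mac in parse_neigh(neigh_text):
        reserved = res.get(mac)
        if reserved in blocked_ips and ip != reserved:
            # The blocked device is answering on an address the policy does not cover.
            findings.append(("blocked-mac-moved", mac, ip))
        elif ip in owners and owners[ip] != mac:
            # Someone else has statically taken an IP reserved for another MAC.
            findings.append(("reserved-ip-squatted", mac, ip))
    return findings

# Constructed sample data (not taken from the thread).
SAMPLE_NEIGH = """\
192.168.1.50 dev eth1 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.77 dev eth1 lladdr 00:11:22:33:44:55 STALE
192.168.1.20 dev eth1 lladdr de:ad:be:ef:00:01 REACHABLE
192.168.1.30 dev eth1  FAILED
192.168.1.21 dev eth1 lladdr 66:77:88:99:aa:bb REACHABLE
"""
RESERVATIONS = {
    "00-11-22-33-44-55": "192.168.1.50",   # the device being blocked
    "0011.2233.4466": "192.168.1.20",
    "66-77-88-99-AA-BB": "192.168.1.21",
}
BLOCKED_IPS = {"192.168.1.50"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_NEIGH, RESERVATIONS, BLOCKED_IPS):
        print(finding)
```

The check only sees hosts on the same layer-2 segment as the machine that collected the neighbor table, and it assumes the device keeps its MAC address.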


Question has a verified solution.
