Fortigate 80 block MAC address

hi guys,

How do I block MAC address in Fortigate?

Thx
IT_Group1Asked:
 
iworks-uworksCommented:
If your server is passing out DHCP, just tie a specific IP to that MAC address in the DHCP server and as long as the user doesn't have admin rights you are good to go.
0
 
eeRootCommented:
What model do you have, and what software version is it running?
0
 
IT_Group1Author Commented:
Hi,

Fortigate 80c - Firmware version: v4.0,build0320,110419 (MR2 Patch 6)

Thx
0
 
DIPRAJCommented:
block MAC ADDRESS for spoofing or bind MAC ADDRESS

GO TO SYSTEM----DHCP SERVER----ADDRESS LEASES

You will find the MAC option there.
And from CLI mode:

config system dhcp ipmacbinding
config system dhcp reserved-address
    edit <name_str>
        set ip <address_ipv4>
        set mac <address_hex>
        set type {regular | ipsec}
    next
end

please revert for further clarification
0
 
IT_Group1Author Commented:
diprajbasu Thx.

Does it matter that the Fortigate isn't the DHCP server in this organization?
0
 
DIPRAJCommented:
Request you to let me know one thing... what is your exact objective? Or what else do you want to do?
BLOCKING MAC ADDRESS for what purpose?
0
 
iworks-uworksCommented:
Are you just trying to block a specific device from accessing the internet through the Fortigate?
0
 
IT_Group1Author Commented:
Exactly right.
I managed to do it by blocking his IP, but since it's from a DHCP pool, I prefer to REALLY block the guy by using the MAC.

Thx
0
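As an added illustration of why the IP-based block described above drifts (this is not code from the thread or from Fortinet): a small Python check that compares a DHCP lease table against the address objects in the deny policy and reports every target MAC whose current lease the policy no longer matches. The lease-table format, the MACs and the addresses are all constructed.

```python
import ipaddress
import re

# Constructed sample DHCP lease table (NOT real Fortigate or DC output): "ip mac hostname"
SAMPLE_LEASES = """\
192.168.1.50  00:1A:2B:3C:4D:5E  laptop-7
192.168.1.51  00-1a-2b-3c-4d-5f  printer
192.168.1.77  001A.2B3C.4D60     guest-pc
"""


def normalize_mac(mac: str) -> str:
    """Canonical lower-case colon form so every vendor notation compares equal."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    hexdigits = hexdigits.lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_leases(text: str) -> dict:
    """Map canonical MAC -> current IPv4 lease address."""
    leases = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        leases[normalize_mac(parts[1])] = ipaddress.ip_address(parts[0])
    return leases


def uncovered_targets(lease_text, blocked_subnets, target_macs):
    """Return {mac: ip} for every target MAC whose current lease is NOT matched
    by any deny-policy address object (ip is None when the MAC has no lease).
    An empty dict means the IP-based block still covers everything intended."""
    networks = [ipaddress.ip_network(s, strict=False) for s in blocked_subnets]
    leases = parse_leases(lease_text)
    gaps = {}
    for mac in map(normalize_mac, target_macs):
        ip = leases.get(mac)
        if ip is None:
            gaps[mac] = None  # offline or lease expired: unknown, so flag it
        elif not any(ip in net for net in networks):
            gaps[mac] = str(ip)
    return gaps


if __name__ == "__main__":
    # Deny policy was written for .50; the device has since leased .77
    print(uncovered_targets(SAMPLE_LEASES, ["192.168.1.50/32"], ["00:1A:2B:3C:4D:60"]))
```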
 
DIPRAJCommented:
I think you require NTLM or LDAP authentication... if the DHCP pool is being released from some separate server.
Do NTLM or LDAP authentication on the Fortigate from your server.....
I think creating a DHCP pool in the Fortigate will not be possible in your network.
So better to go for NTLM or LDAP authentication, so the Fortigate will synchronize with the server.....
0
 
IT_Group1Author Commented:
Hi,

And if the FG will sync with the server via LDAP, how will it help us in blocking this naughty MAC?

Thx
0
 
IT_Group1Author Commented:
Thx bro.
Just to be sure we're on the same page here:
1. I create an LDAP connection between the FG and the DC
2. I use the syntax you've sent me, and block the MAC
3. As long as the user keeps the same MAC, even with a different IP address from the DC DHCP, the FG will be able to block the little wanker..!

Please approve, and I'll commit those changes.

Many thx
0
 
stadminCommented:
Hi,

The MAC binding at System -> DHCP Server only reserves the IP from the DHCP lease. In this case, any system can access the internet if its user configures an allowed IP statically.
Is there a way to allow only trusted MACs, like the MAC filtering option we get in any lower-end wireless router?

Thanks
0