Solved

Fortigate 80 block MAC address

Posted on 2012-04-01
12
5,458 Views
Last Modified: 2013-04-24
hi guys,

How do I block MAC address in Fortigate?

Thx
0
Question by:IT_Group1
12 Comments
LVL 21

Expert Comment

by:eeRoot
What model do you have, and what software version is it running?
0
 

Author Comment

by:IT_Group1
Hi,

Fortigate 80c - Firmware version: v4.0,build0320,110419 (MR2 Patch 6)

Thx
0
 
LVL 11

Expert Comment

by:diprajbasu
Block a MAC address for spoofing, or bind a MAC address:

Go to System -> DHCP Server -> Address Leases

You will find the MAC option.
And from CLI mode:

config system dhcp ipmacbinding
config system dhcp reserved-address
    edit <name_str>
        set ip <address_ipv4>
        set mac <address_hex>
        set type {regular | ipsec}
    next
end

please revert for further clarification
0
 

Author Comment

by:IT_Group1
diprajbasu Thx.

Does it matter that the Fortigate isn't the DHCP server in this organization?
0
 
LVL 11

Expert Comment

by:diprajbasu
Request you to let me know one thing: what is your exact objective, or what else do you want to do?
Blocking the MAC address for what purpose?
0
 
LVL 4

Expert Comment

by:iworks-uworks
Are you just trying to block a specific device from accessing the internet through the Fortigate?
0
 

Author Comment

by:IT_Group1
Exactly right.
I managed to do it by blocking his IP, but since it's from a DHCP pool, I prefer to REALLY block the guy by using the MAC.

Thx
0
 
LVL 11

Expert Comment

by:diprajbasu
I think you require NTLM or LDAP authentication, if the DHCP pool is being released from some separate server.
Do NTLM or LDAP authentication on the Fortigate from your server.
I think creating a DHCP pool in the Fortigate will not be possible in your network.
So better to go for NTLM or LDAP authentication, so the Fortigate will synchronize with the server.
0
 

Author Comment

by:IT_Group1
Hi,

And if the FG will sync with the server via LDAP, how will it help us in blocking this naughty MAC?

Thx
0
 
LVL 4

Accepted Solution

by:iworks-uworks (earned 500 total points)
If your server is passing out DHCP, just tie a specific IP to that MAC address in the DHCP server and as long as the user doesn't have admin rights you are good to go.
0
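A FortiOS CLI sketch of the approach in this answer, added here as an example and not taken from the answer's author: the DHCP server reservation pins the offending MAC to one IP, and the FortiGate then denies that IP outbound. The IP address, interface names, object names and the 4.x-era service name "ANY" are assumptions.

```fortios
# Assumed: the DHCP server reserves 192.168.1.50 for the offending MAC.
# Addresses, interface names and object names below are placeholders.
config firewall address
    edit "blocked-host"
        set type ipmask
        set subnet 192.168.1.50 255.255.255.255
        set associated-interface "internal"
    next
end

config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "blocked-host"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ANY"
        set logtraffic enable
    next
end
# Policies match top-down, so move this deny above the general allow policy
# (config firewall policy / move <deny-id> before <allow-id>).
# Caveat: the deny keys on the reserved IP, not the MAC. A host that sets its
# own static IP outside the reservation is not matched by this policy.
```

Enabling logging on the deny policy gives you a record of any attempts from the reserved address, which is useful for confirming the reservation actually took effect.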
 

Author Comment

by:IT_Group1
Thx bro.
Just to be sure we're on the same page here:
1. I create an LDAP connection between the FG and the DC
2. I use the syntax you've sent me, and block the MAC
3. As long as the user keeps the same MAC, even with a different IP address from the DC DHCP, the FG will be able to block the little wanker..!

Please approve, and I'll commit those changes.

Many thx
0
 
LVL 1

Expert Comment

by:stadmin
Hi,

The MAC binding at System -> DHCP Server is only reserving the IP from the DHCP lease. In this case, any system can access the internet if it configures one of the allowed IPs statically.
Is there a way to allow only trusted MACs, like the MAC filtering option we get in any lower-end wireless router?

Thanks
0
