Fortigate | Access Policy based on mac address

Today I had to configure access to a certain VLAN for a few clients. The challenge was that the systems could connect either by Ethernet or by Wi-Fi. To avoid reserving IP addresses for every interface, I looked for a different solution: whether it was possible to do this based on MAC address.

I created a new policy with the incoming interface and the outgoing interface.

The source addresses are the new MAC address objects of the devices.

Click OK and add the system to the policy.

Check where the system is allowed to connect to and whether all services are allowed or not. NAT should be disabled, and then enable the policy.

When enabled, the policy shows the devices and the destination, the schedule (a time window or always), whether the action is allow, and whether NAT is enabled or disabled. Inspection can be turned on, and the logging settings can be set.

A return policy cannot be pointed at the MAC address, so this will be a regular policy from source all to destination all: (source LAN address group) to (destination LAN address group).
This way you can secure the network a bit more. It may add some administration tasks, especially if there is a continuous flow of personnel and changes of systems that receive access.
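The CLI equivalent of the GUI steps above, added here as an example and not taken from the original post. It assumes FortiOS 7.x syntax as I recall it; the interface names (internal, vlan20), the subnet objects (LAN-net, VLAN20-net), the policy names and the MAC addresses are placeholders.

```fortios
# Added example, not the original post's configuration. FortiOS 7.x syntax (verify
# against your version's CLI reference); all names and MAC values are placeholders.
# A MAC object only matches when the FortiGate sees the client's own source MAC,
# i.e. the client is on a VLAN/interface directly attached to the FortiGate and
# not behind another router, and a wired NIC and a Wi-Fi NIC are two separate objects.
config firewall address
    edit "PC-01-eth"
        set type mac
        set macaddr "00:11:22:33:44:55"    # placeholder: wired NIC of PC-01
    next
    edit "PC-01-wifi"
        set type mac
        set macaddr "66:77:88:99:aa:bb"    # placeholder: Wi-Fi NIC of PC-01
    next
end

# Forward policy: only the listed MACs may reach the VLAN. NAT off, logging on.
config firewall policy
    edit 0
        set name "MAC-clients-to-VLAN20"
        set srcintf "internal"
        set dstintf "vlan20"
        set srcaddr "PC-01-eth" "PC-01-wifi"
        set dstaddr "VLAN20-net"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
        set status enable
    next
    # Return policy: cannot reference a MAC object, so it uses the subnet objects.
    edit 0
        set name "VLAN20-to-LAN-return"
        set srcintf "vlan20"
        set dstintf "internal"
        set srcaddr "VLAN20-net"
        set dstaddr "LAN-net"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set logtraffic all
        set status enable
    next
end
```

Since a MAC address is set by the client itself, this restricts which known devices reach the VLAN but does not authenticate them; treat it as a filter on top of the usual access controls.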

Probably possible, but not tested: you can add systems based on MAC addresses and, when you use the FortiGate connector to Active Directory, combine this with a username. This could be useful if the computer is used by multiple users.
