FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Dinesh_FTNT
Staff
Article Id 192264
Description
This article explains how to provide IPsec VPN access for specific MAC addresses.

Solution
1) Create the policy-based VPN phase1 and phase2.
2) Create the IPsec firewall policy.
3) Go to System >> Network >> Interface >> edit "WAN interface" >> enable "DHCP server".
(a) Set the DHCP IP range, then select "Advanced" and set Mode to Server.
(b) Select Create New, add the MAC address and IP address, and set the action to reserve. Lastly, set the "Unknown MAC address" action to block.
(c) Set the Type to "IPsec".

DHCP IP reservation can also be configured through the CLI.

config system dhcp server
    edit 2
        set dns-service default
        set interface "wan1"
        config ip-range
            edit 1
                set end-ip 10.201.201.20
                set start-ip 10.201.201.10
            next
        end
        set mac-acl-default-action block
        set netmask 255.255.255.0
        config reserved-address
            edit 1
                set ip 10.201.201.15
                set mac 00:22:19:17:c2:03
            next
        end
        set server-type ipsec
    next
end
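
The Python check below is an added example, not part of the original article or Fortinet's code: it parses the DHCP server block above and reports settings that would defeat the MAC restriction (wrong server type, unknown MACs not blocked, malformed or missing reservations). The names audit_dhcp_server, WANT and the finding strings are assumptions, and it assumes a single server entry with ip-range and netmask set.

```python
import ipaddress
import re
# The DHCP server block from this article, as pasted from the CLI.
SAMPLE = """config system dhcp server
edit 2
set dns-service default
set interface "wan1"
config ip-range
edit 1
set end-ip 10.201.201.20
set start-ip 10.201.201.10
next
end
set mac-acl-default-action block
set netmask 255.255.255.0
config reserved-address
edit 1
set ip 10.201.201.15
set mac 00:22:19:17:c2:03
next
end
set server-type ipsec
next
end"""
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
WANT = {"server-type": "ipsec", "mac-acl-default-action": "block"}

def audit_dhcp_server(text):
    """Return a list of findings; an empty list means the block matches the article."""
    top, subs, section = {}, {}, None
    for w in (line.split() for line in text.splitlines() if line.strip()):
        if w[0] == "config" and w[1] != "system":
            section = subs.setdefault(w[1], [])   # nested table: ip-range, reserved-address
        elif w[0] == "edit" and section is not None:
            section.append({})                    # new entry inside the nested table
        elif w[0] == "end":
            section = None                        # back to the server-level settings
        elif w[0] == "set" and len(w) > 2:
            (section[-1] if section else top)[w[1]] = w[2].strip('"')
    out = [f"{k} should be {v}" for k, v in WANT.items() if top.get(k) != v]
    net = ipaddress.ip_network(f"{subs['ip-range'][0]['start-ip']}/{top['netmask']}", strict=False)
    for r in subs.get("reserved-address", []):
        if not MAC_RE.fullmatch(r.get("mac", "")):
            out.append(f"reservation {r.get('ip')} has no valid MAC")
        if ipaddress.ip_address(r["ip"]) not in net:
            out.append(f"reserved IP {r['ip']} is outside {net}")
    if not subs.get("reserved-address"):
        out.append("no reserved MAC entries")
    return out
```
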
