Created on 12-31-2014 05:34 PM Edited on 01-30-2024 02:01 AM By Kate_M
Description
This document explains how to block a wireless device based on its MAC address.
Scope
This only works for wireless users, not for LAN users.
Solution
Below is the required configuration (FortiOS 5.0 or 5.2):
# config user device
edit "Cellphone"
set mac 40:0e:85:05:10:52
next
end
# config user device-access-list
edit "Private_wireles"
set default-action accept
config device-list
edit 284
set action deny
set device "Cellphone"
next
# show
config system interface
edit "310SSID"
set vdom "root"
set ip 10.100.100.1 255.255.255.0
set type vap-switch
set device-identification enable
set device-access-list "Private_wireles"
set snmp-index 14
next
end
The above configuration allows all wireless users but one to access the Internet provided the traffic matches existing firewall policies.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.