FortiGate
msingh_FTNT
Staff
Article Id 195983

Description

 

This document explains how to block a wireless device based on its MAC address.


Scope


This only works for wireless users, not for LAN users.

 

Solution


Below is the required configuration (FortiOS 5.0 or 5.2):

 

# config user device
    edit "Cellphone"
        set mac 40:0e:85:05:10:52
    next
end

# config user device-access-list
    edit "Private_wireles"
        set default-action accept
        config device-list
            edit 284
                set action deny
                set device "Cellphone"
            next
        end
    next
end

# show
config system interface
    edit "310SSID"
        set vdom "root"
        set ip 10.100.100.1 255.255.255.0
        set type vap-switch
        set device-identification enable
        set device-access-list "Private_wireles"
        set snmp-index 14
    next
end

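The access list "Private_wireles" accepts devices by default and denies only the device "Cellphone", and it is applied to the SSID interface "310SSID", where device identification is enabled. The above configuration therefore allows all wireless users but one to access the Internet, provided the traffic matches existing firewall policies.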
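
When several devices have to be denied, the device and access-list blocks can be generated from an inventory rather than typed by hand. The Python script below is an added example, not Fortinet's code: it emits only the statements shown in this article, and the function names, the sample inventory, the allowed name characters and the sequential entry IDs are assumptions. It also warns about locally administered MACs, which clients that randomize their address use, so a deny entry for one may stop matching.

```python
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]+")  # assumption: charset that cannot break the CLI quoting

def normalize_mac(raw):
    """Return raw as lowercase aa:bb:cc:dd:ee:ff; raise ValueError if unusable."""
    digits = re.sub(r"[:.\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(digits[:2], 16) & 0x01:  # group bit: multicast/broadcast, never a client
        raise ValueError(f"group address, not a client MAC: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_deny_config(acl_name, devices, first_id=1):
    """devices: list of (name, mac). Returns (cli_text, warnings)."""
    by_mac, warnings = {}, []
    for name in [acl_name] + [n for n, _ in devices]:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unsafe name: {name!r}")
    for name, raw in devices:
        mac = normalize_mac(raw)
        if mac in by_mac:
            warnings.append(f"{name}: same MAC as {by_mac[mac]}, skipped")
            continue
        if name in by_mac.values():
            raise ValueError(f"device name used twice: {name!r}")
        by_mac[mac] = name
        if int(mac[:2], 16) & 0x02:  # locally administered bit, set by MAC randomization
            warnings.append(f"{name}: {mac} is locally administered, may change")
    out = ["config user device"]
    for mac, name in by_mac.items():
        out += [f'    edit "{name}"', f"        set mac {mac}", "    next"]
    out += ["end", "config user device-access-list", f'    edit "{acl_name}"',
            "        set default-action accept", "        config device-list"]
    for entry_id, name in enumerate(by_mac.values(), first_id):  # constructed IDs
        out += [f"            edit {entry_id}", "                set action deny",
                f'                set device "{name}"', "            next"]
    out += ["        end", "    next", "end"]
    return "\n".join(out), warnings

# Constructed inventory: the article's phone plus two made-up entries.
SAMPLE = [("Cellphone", "40-0E-85-05-10-52"), ("Tablet", "da:a1:19:00:00:01"),
          ("Cellphone2", "400e.8505.1052")]

if __name__ == "__main__":
    text, notes = build_deny_config("Private_wireles", SAMPLE)
    print(text, *("# " + n for n in notes), sep="\n")
```
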
