krajaa
Staff
Article Id 195295
Description
From v6.4.2, users can select MAC addresses as the source in SD-WAN rules and policy routes.

This article describes how to configure this.


Scope
For version 6.4.2.

Solution
From CLI.

1) Configure the MAC address:
# config firewall address
    edit "mac-add"
        set type mac
        set start-mac 70:4c:a5:86:de:56
        set end-mac 70:4c:a5:86:de:56
    next
end
2) Configure the policy route:
# config router policy
    edit 3
        set srcaddr "mac-add"
        set gateway 15.1.1.34
        set output-device ha
    next
end
3) Configure the SD-WAN rule (can be configured only from the CLI):
# config system sdwan
    # config service
        edit 1
            set dst "all"
            set src "mac-add"
            set priority-members 1
        next
    end
end
To verify the policy route matching for a MAC address:
# diagnose ip proute match 3.1.1.34 70:4c:a5:86:de:56 port3 22 6
dst=3.1.1.34 src=0.0.0.0 smac=70:4c:a5:86:de:56 iif=11 protocol=22 dport=6
id=00000003 type=Policy Route
seq-num=3
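
The verification above can be cross-checked offline against a saved configuration. The following is an added example, not Fortinet code: it confirms that the policy route reported by `diagnose ip proute match` uses a MAC-type address object whose range covers the reported `smac`. The helper names (`parse_edits`, `mac_to_int`, `check_match`) are hypothetical, and the sample input is constructed from the configuration and output shown in this article.

```python
import re

# Constructed sample input: the CLI configuration and diagnose output from this article.
CONFIG = '''
config firewall address
    edit "mac-add"
        set type mac
        set start-mac 70:4c:a5:86:de:56
        set end-mac 70:4c:a5:86:de:56
    next
end
config router policy
    edit 3
        set srcaddr "mac-add"
        set gateway 15.1.1.34
        set output-device ha
    next
end
'''
DIAG = '''dst=3.1.1.34 src=0.0.0.0 smac=70:4c:a5:86:de:56 iif=11 protocol=22 dport=6
id=00000003 type=Policy Route
seq-num=3
'''

def parse_edits(config, section):
    """Return {edit-name: {setting: value}} for one top-level 'config <section>' block."""
    body = re.search(r"config %s\n(.*?)\nend" % re.escape(section), config, re.S)
    text = body.group(1) if body else ""
    edits = {}
    for name, settings in re.findall(r'edit "?([^"\n]+)"?\n(.*?)\n\s*next', text, re.S):
        edits[name] = dict(re.findall(r'set (\S+) "?([^"\n]+)"?', settings))
    return edits

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def check_match(config, diag):
    """True if the matched policy route's srcaddr is a MAC object covering smac."""
    fields = dict(re.findall(r"([\w-]+)=(\S+)", diag))
    route = parse_edits(config, "router policy").get(fields.get("seq-num", ""))
    if route is None or "smac" not in fields:
        return False  # no such policy route, or output carries no source MAC
    addr = parse_edits(config, "firewall address").get(route.get("srcaddr", ""))
    if addr is None or addr.get("type") != "mac":
        return False  # route does not reference a MAC-type address object
    lo, hi = mac_to_int(addr["start-mac"]), mac_to_int(addr["end-mac"])
    return lo <= mac_to_int(fields["smac"]) <= hi
```
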
From GUI.

1) Configure the MAC address:





2) Configure the policy route:



