Created on 11-01-2023 04:34 AM Edited on 01-30-2024 02:09 AM By Jean-Philippe_P
This article describes how to block internet access for mobile phones (Android and iOS) in a WLAN environment.
FortiOS version 7.2.6, FortiAP.
It is possible to deny access to the internet or certain networks for mobile phones specifically by setting NAC Policies and Firewall Policies.
The steps to configure this are as follows:
For Android devices (srcintf is the VLAN interface under the VAP; dstintf is the internet-facing interface or SD-WAN zone):

config firewall policy
    edit <policy_id>
        set name "NAC_Android WIFI"
        set srcintf "vap_v400"
        set dstintf "virtual-wan-link"
        set action deny
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

For iOS devices (srcintf is the VLAN interface under the VAP; dstintf is the internet-facing interface or SD-WAN zone):

config firewall policy
    edit <policy_id>
        set name "NACiOS WIFI"
        set srcintf "vap_v600"
        set dstintf "virtual-wan-link"
        set action deny
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

Note: This procedure is possible only on a wireless network with FortiAP devices managed by FortiGate.
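
FortiOS evaluates firewall policies from the top of the list down and applies the first match, so the deny policies above only take effect if no accept policy for the same interfaces sits higher in the list. The following added example (not part of the original article or of any Fortinet tooling) checks a configuration backup for that ordering problem, using the interface names from the policies above. It assumes a plain-text backup and matches on the interface pair only, so any earlier enabled accept policy on that pair is reported as "shadowed" even if its addresses or services are narrower.

```python
import re
import shlex

# Constructed sample backup; hypothetical accept policy 10 sits above the iOS deny.
SAMPLE_CONFIG = """
config firewall policy
    edit 10
        set srcintf "vap_v600" "vap_v100"
        set dstintf "virtual-wan-link"
        set action accept
    next
    edit 11
        set name "NAC_Android WIFI"
        set srcintf "vap_v400"
        set dstintf "virtual-wan-link"
        set action deny
    next
    edit 12
        set name "NACiOS WIFI"
        set srcintf "vap_v600"
        set dstintf "virtual-wan-link"
        set action deny
    next
end
"""

def parse_policies(text):
    """Return policies in evaluation (file) order; action defaults to deny as in FortiOS."""
    section = re.search(r"^config firewall policy$(.*?)^end$", text, re.S | re.M)
    body = section.group(1) if section else ""
    policies = []
    for pid, entry in re.findall(r"^\s*edit (\S+)$(.*?)^\s*next$", body, re.S | re.M):
        policy = {"id": pid, "action": ["deny"]}
        for words in map(shlex.split, entry.splitlines()):
            if words[:1] == ["set"]:
                policy[words[1]] = words[2:]
        policies.append(policy)
    return policies

def audit(text, nac_vlans=("vap_v400", "vap_v600"), wan="virtual-wan-link"):
    """Map each NAC VLAN to (verdict, id) of the first enabled policy on its path."""
    verdicts = dict.fromkeys(nac_vlans, ("missing", None))
    for vlan in nac_vlans:
        for p in parse_policies(text):
            src, dst = set(p.get("srcintf", [])), set(p.get("dstintf", []))
            if {vlan, "any"} & src and {wan, "any"} & dst and p.get("status") != ["disable"]:
                verdicts[vlan] = ("blocked" if p["action"] == ["deny"] else "shadowed", p["id"])
                break
    return verdicts
```

On the sample, `audit(SAMPLE_CONFIG)` reports the Android VLAN as blocked by policy 11 and the iOS VLAN as shadowed by policy 10, which would have to be moved below policy 12 or narrowed.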