IC Knowledge Base
Home » Categories » Security & Firewalls » Fortigate UTM

FortiGate MAC host check on SSL VPN

Article ID: 215 | Rating: Unrated | Last Updated: Fri, Aug 31, 2018 at 1:24 PM

Technical Note: MAC host check on SSL VPN

Description
This article describes how to configure a MAC host check on SSL VPN.
 
When a remote client attempts to log in to the portal, the FortiGate unit can be configured to check against the client’s MAC address to ensure that only a specific computer or device is connecting to the tunnel. This can ensure better security in case a password is compromised.

 

 

Technical Note: MAC host check on SSL VPN

Solution
MAC addresses can be tied to specific portals and can be either the entire MAC address or a subset of it. MAC host checking is configured in the CLI using the commands:
conf vpn ssl web portal
  edit portal
    set mac-addr-check enable
    set mac-addr-action allow
    config mac-addr-check-rule
      edit "rule1"
        set mac-addr-list 01:01:01:01:01:01 08:00:27:d4:06:5d
        set mac-addr-mask 48
  end
end

 
Posted by: - Fri, Aug 31, 2018 at 1:24 PM. This article has been viewed 7485 times.
Filed Under: Fortigate UTM
0 (0)
Article Rating (No Votes)
Rate this article
Attached Files
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Name
Email
Security Code Security Code
Related Articles RSS Feed
Technical Note: Error ’Unable to establish the VPN connection. The VPN server may be unreachable. (-5)’ on FortiClient with SSL VPN
Viewed 43820 times since Mon, Aug 7, 2017
Technical Note: DNS resolution not working when DNS Server configured to ’Same as Interface IP’
Viewed 9554 times since Wed, Aug 9, 2017
Full (Deep) SSL Inspection - Avoid certificate errors
Viewed 7101 times since Thu, Jul 26, 2018
Fortigate Hairpin NAT
Viewed 13482 times since Fri, Aug 4, 2017
Fortigate SSL/TLS Handshake fails
Viewed 7731 times since Wed, Dec 6, 2017
Fortigate Phase 2 Keep Alive
Viewed 3187 times since Thu, Jul 26, 2018
Technical Note: Custom NTP server configuration
Viewed 4297 times since Fri, Aug 11, 2017
How to configure DNS based FortiGuard web filtering with FortiOS v5.4
Viewed 6640 times since Wed, Aug 2, 2017
Fortigate DC Replication RPC port 135 Session-Helper
Viewed 6346 times since Wed, Dec 6, 2017
Internet Central Limited, Innovation Centre 2, Keele Science Park, Keele, Staffordshire ST5 5NH
Registered Office: Ivy House Foundry, Hanley, Stoke-on-Trent, ST1 3NR
Registered in England: Reg No. 03079542 VAT Reg No. GB 278 923 705
Contact Us |Terms & Conditions |Legal, Privacy and Cookies
All prices exclude VAT E.&O.E © 2015 Internet Central

All trademarks and logos appearing on the site are the property of their respective owners