IC Knowledge Base

FortiGate MAC host check on SSL VPN

Technical Note: MAC host check on SSL VPN

Description
This article describes how to configure a MAC host check on SSL VPN.
 
When a remote client attempts to log in to the portal, the FortiGate unit can be configured to check the client’s MAC address so that only a specific computer or device can connect to the tunnel. This provides better security if a password is compromised.

 

 

Solution
MAC addresses can be tied to specific portals and can be either the entire MAC address or a subset of it. MAC host checking is configured in the CLI using the commands:
config vpn ssl web portal
  edit portal
    set mac-addr-check enable
    set mac-addr-action allow
    config mac-addr-check-rule
      edit "rule1"
        set mac-addr-list 01:01:01:01:01:01 08:00:27:d4:06:5d
        set mac-addr-mask 48
      next
    end
  next
end
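
An added example (not from the original article and not Fortinet code): a Python model of how a rule set like the one above evaluates a client MAC, for checking which addresses a portal would admit before the configuration is deployed. It assumes mac-addr-mask is the number of leading bits compared and that an omitted mask means 48; "rule2" and the client addresses used with it are constructed.

```python
import re

# Constructed sample: the portal block from this article plus one
# hypothetical rule ("rule2") with a 24-bit mask to show prefix matching.
SAMPLE_CONFIG = """
config vpn ssl web portal
  edit portal
    set mac-addr-check enable
    set mac-addr-action allow
    config mac-addr-check-rule
      edit "rule1"
        set mac-addr-list 01:01:01:01:01:01 08:00:27:d4:06:5d
        set mac-addr-mask 48
      next
      edit "rule2"
        set mac-addr-list 00:11:22:00:00:00
        set mac-addr-mask 24
      next
    end
  next
end
"""

def mac_to_int(mac):
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}", mac):
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int(re.sub(r"[:-]", "", mac), 16)

def parse_rules(config):
    """Return (action, [(rule_name, mask_bits, [mac_int, ...]), ...])."""
    action = re.search(r"set mac-addr-action (\w+)", config).group(1)
    rules = []
    for name, body in re.findall(r'edit "([^"]+)"(.*?)\n\s*next', config, re.S):
        macs = re.search(r"set mac-addr-list (.+)", body).group(1).split()
        mask = re.search(r"set mac-addr-mask (\d+)", body)
        bits = int(mask.group(1)) if mask else 48  # assumed default: full address
        rules.append((name, bits, [mac_to_int(m) for m in macs]))
    return action, rules

def evaluate(config, client_mac):
    """Return (permitted, matching_rule_name_or_None) for one client MAC."""
    action, rules = parse_rules(config)
    client = mac_to_int(client_mac)
    for name, bits, macs in rules:
        shift = 48 - bits  # assumption: only the leading `bits` bits are compared
        if any(client >> shift == m >> shift for m in macs):
            return action == "allow", name
    return action != "allow", None
```

With a 24-bit mask, every address sharing the first three octets of a listed MAC matches the rule, so a short mask admits a whole vendor prefix rather than one device.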

 
