
Fortinet FortiGate 400 - Configuring IP/MAC binding for packets going through the firewall

Fortinet FortiGate 400
308 pages
194 Fortinet Inc.
IP/MAC binding Firewall configuration
You can enter the static IP addresses and corresponding MAC addresses of trusted
computers in the Static IP/MAC table.
IP/MAC binding can be enabled for packets connecting to the firewall or passing
through the firewall.
This section describes:
• Configuring IP/MAC binding for packets going through the firewall
• Configuring IP/MAC binding for packets going to the firewall
• Adding IP/MAC addresses
• Viewing the dynamic IP/MAC list
• Enabling IP/MAC binding
Configuring IP/MAC binding for packets going through the firewall
Use the following procedure to use IP/MAC binding to filter packets that would
normally be allowed through the firewall by a firewall policy.
1 Go to Firewall > IP/MAC Binding > Setting.
2 Select Enable IP/MAC binding going through the firewall.
3 Go to Firewall > IP/MAC Binding > Static IP/MAC.
4 Select New to add IP/MAC binding pairs to the IP/MAC binding list.
All packets that would normally be allowed through the firewall by a firewall policy are
first compared with the entries in the IP/MAC binding list. If a match is found, then the
firewall attempts to match the packet with a policy.
For example, if the IP/MAC pair IP 1.1.1.1 and 12:34:56:78:90:ab:cd is added to the
IP/MAC binding list:
• A packet with IP address 1.1.1.1 and MAC address 12:34:56:78:90:ab:cd is
  allowed to go on to be matched with a firewall policy.
• A packet with IP 1.1.1.1 but with a different MAC address is dropped immediately
  to prevent IP spoofing.
• A packet with a different IP address but with a MAC address of
  12:34:56:78:90:ab:cd is dropped immediately to prevent IP spoofing.
• A packet with both the IP address and MAC address not defined in the IP/MAC
  binding table:
  • is allowed to go on to be matched with a firewall policy if IP/MAC binding is set
    to Allow traffic,
  • is blocked if IP/MAC binding is set to Block traffic.
Note: If you enable IP/MAC binding and change the IP address of a computer with an IP or
MAC address in the IP/MAC list, you must also change the entry in the IP/MAC list or the
computer will not have access to or through the FortiGate unit. You must also add the IP/MAC
address pair of any new computer that you add to your network or this computer will not have
access to or through the FortiGate unit.
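
The matching rules and the Note above, modeled as an added Python example (not Fortinet code and not part of the manual). The BindingTable class, its method names and the sample addresses are constructed for illustration, and a six-octet MAC stands in for the manual's sample value.

```python
import ipaddress
import re

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")

def norm_mac(mac):
    """Normalise a MAC to lower-case colon form; reject anything but 6 hex octets."""
    s = mac.strip().lower().replace("-", ":")
    if not MAC_RE.fullmatch(s):
        raise ValueError(f"not a 6-octet MAC address: {mac!r}")
    return s

class BindingTable:
    def __init__(self, pairs, undefined_action="block"):
        # undefined_action models the Allow traffic / Block traffic setting.
        if undefined_action not in ("allow", "block"):
            raise ValueError("undefined_action must be 'allow' or 'block'")
        self.undefined_action = undefined_action
        self.by_ip, self.by_mac = {}, {}
        for ip, mac in pairs:
            self.set_pair(ip, mac)

    def set_pair(self, ip, mac):
        """Add or update a static pair, removing any stale entry for either half."""
        ip, mac = ipaddress.ip_address(ip), norm_mac(mac)
        self.by_mac.pop(self.by_ip.pop(ip, None), None)
        self.by_ip.pop(self.by_mac.pop(mac, None), None)
        self.by_ip[ip], self.by_mac[mac] = mac, ip

    def check(self, src_ip, src_mac):
        """Return 'policy' (go on to firewall policy matching) or 'drop'."""
        ip, mac = ipaddress.ip_address(src_ip), norm_mac(src_mac)
        if self.by_ip.get(ip) == mac:
            return "policy"   # exact pair is in the binding list
        if ip in self.by_ip or mac in self.by_mac:
            return "drop"     # only one half matches: treated as spoofing
        return "policy" if self.undefined_action == "allow" else "drop"

if __name__ == "__main__":
    # Constructed sample: one trusted host, undefined pairs allowed.
    host_mac = "00:11:22:33:44:55"
    table = BindingTable([("192.0.2.10", host_mac)], undefined_action="allow")
    print(table.check("192.0.2.10", host_mac))   # bound pair
    # The Note's failure mode: the host is re-addressed, the table is not.
    print(table.check("192.0.2.20", host_mac))   # dropped even in allow mode
    table.set_pair("192.0.2.20", host_mac)       # update the static entry
    print(table.check("192.0.2.20", host_mac))   # reaches policy matching again
```

A re-addressed host is dropped even with undefined pairs set to allow, because its MAC is still bound to the old IP address.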
