Fortinet FortiGate FortiGate-800

Fortinet FortiGate FortiGate-800

336 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

216 Fortinet Inc.

IP/MAC binding Firewall configuration

For example, if the IP/MAC pair IP 1.1.1.1 and 12:34:56:78:90:ab:cd is added to the

IP/MAC binding list:

• A packet with IP address 1.1.1.1 and MAC address 12:34:56:78:90:ab:cd is

allowed to go on to be matched with a firewall policy.

• A packet with IP 1.1.1.1 but with a different MAC address is dropped immediately

to prevent IP spoofing.

• A packet with a different IP address but with a MAC address of

12:34:56:78:90:ab:cd is dropped immediately to prevent IP spoofing.

• A packet with both the IP address and MAC address not defined in the IP/MAC

binding table:

• is allowed to go on to be matched with a firewall policy if IP/MAC binding is set

to Allow traffic,

• is blocked if IP/MAC binding is set to Block traffic.

Configuring IP/MAC binding for packets going to the firewall

Use the following procedure to use IP/MAC binding to filter packets that would

normally connect with the firewall (for example, when an administrator is connecting to

the FortiGate unit for management).

To configure IP/MAC binding for packets going to the firewall

1 Go to Firewall > IP/MAC Binding > Setting.

2 Select the Enable IP/MAC binding going to the firewall check box.

3 Go to Firewall > IP/MAC Binding > Static IP/MAC.

4 Select New to add IP/MAC binding pairs to the IP/MAC binding list.

All packets that would normally connect to the firewall are first compared with the

entries in the IP/MAC binding table.

For example, if the IP/MAC pair IP 1.1.1.1 and 12:34:56:78:90:ab:cd is added to the

IP/MAC binding list:

• A packet with IP address 1.1.1.1 and MAC address 12:34:56:78:90:ab:cd is

allowed to connect to the firewall.

• A packet with IP 1.1.1.1 but with a different MAC address is dropped immediately

to prevent IP spoofing.

• A packet with a different IP address but with a MAC address of

12:34:56:78:90:ab:cd is dropped immediately to prevent IP spoofing.

• A packet with both the IP address and MAC address not defined in the IP/MAC

binding table:

• is allowed to connect to the firewall if IP/MAC binding is set to Allow traffic,

• is blocked if IP/MAC binding is set to Block traffic.

Adding IP/MAC addresses

To add an IP/MAC address

1 Go to Firewall > IP/MAC Binding > Static IP/MAC.

2 Select New to add an IP address/MAC address pair.

Table of Contents

Other manuals for Fortinet FortiGate FortiGate-800

Quick Start Guide2 pages

Administration Guide392 pages

Install Guide56 pages

Related product manuals

Preview: Fortinet FortiGate-80C

Fortinet FortiGate-80C

Preview: Fortinet FortiGate FG-80C

Fortinet FortiGate FG-80C

Preview: Fortinet FortiGate

Fortinet FortiGate

Preview: Fortinet FortiGate 50A

Fortinet FortiGate 50A

Preview: Fortinet FortiGate 300C

Fortinet FortiGate 300C

Preview: Fortinet FortiGate 1000D

Fortinet FortiGate 1000D

Preview: Fortinet FortiGate Series

Fortinet FortiGate Series

Fortinet FortiGate FortiGate-500

Fortinet FortiGate FortiGate-100

Preview: FortiGate FortiGate-3000

FortiGate FortiGate-3000

Preview: FortiGate FortiGate-200A

FortiGate FortiGate-200A

Preview: FortiGate FortiGate-3016B

FortiGate FortiGate-3016B