Hi all,
I created port forwarding for my server so that it can be accessed from outside by a few users. Is it possible to filter users based on MAC addresses, so that only users with registered MAC addresses can access this server? Please show me how.
Thanks in advance for help.
It should be possible if you try the following:
1) Port forwarding is done with a VIP on Fortigate. As such, you would have to create a New Virtual IP under Policy & Objects > Virtual IPs. Your server's IP address would have to go into the "Mapped IP Address/Range" field which would then be mapped to an IP address with the same subnet mask as the source in the "External IP Address/Range" field. Enable Port Forwarding and supply the same port in both fields. Repeat the same process for every server you wish to grant access to.
2) Then navigate to User & Device > Custom Devices & Groups and specify the device's MAC address there along with all other necessary details. Repeat the same process for every other device you want to allow traffic from.
3) Next, create a new Device Group under User & Device > Custom Devices & Groups and select all previously configured devices as "members".
4) Finally, create a new policy under Policy & Objects > IPv4 Policy. Select the Device Group as the source and the VIP as the destination.
I hope the above helps.
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
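A CLI sketch of steps 1 to 4 above, added here as an example and not part of the original reply. All object names, interfaces, addresses, the port and the MAC address are placeholders, and the syntax assumes the FortiOS 5.x CLI, so check it against the CLI reference for your build.

```fortios
# Step 1: VIP with port forwarding (placeholder addresses and port)
config firewall vip
    edit "srv-vip"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.1.10"
        set portforward enable
        set protocol tcp
        set extport 443
        set mappedport 443
    next
end

# Step 2: one custom device per allowed MAC address (placeholder MAC)
config user device
    edit "laptop-01"
        set mac 00:11:22:33:44:55
    next
end

# Step 3: device group with the custom devices as members
config user device-group
    edit "allowed-devices"
        set member "laptop-01"
    next
end

# Step 4: policy with the device group as source and the VIP as destination
config firewall policy
    edit 0
        set name "vip-allowed-devices"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "srv-vip"
        set devices "allowed-devices"
        set action accept
        set schedule "always"
        set service "HTTPS"
        set logtraffic all
    next
end
```

Device matching works on the source MAC of the frame that reaches the FortiGate interface, so a client behind a router or layer-3 switch appears with that hop's MAC rather than its own.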
Hi Nick,
Have you configured your laptop under Custom Devices & Groups? If yes, is that object included somewhere else (i.e. another policy etc.)?
==> Yes, I configured my laptop under Custom Devices & Groups. No, I am not using it in any other policy.
Have you configured any other Custom Devices & Groups? If yes, put one of them as the source just to see if the problem would occur with them too.
==> I'll try this today and update you.
Thanks,
Hi Nick,
Thanks in advance. I've done the steps you mentioned but it still does not work. Here I attach my policy, which uses "Source from my laptop", but when I change the source to all, it works. Is there something I might have missed?
Note:
I use a FortiGate 201E
v5.6.4 build1575 (GA)
Hi Joko,
Could you confirm the following please:
- Have you configured your laptop under Custom Devices & Groups? If yes, is that object included somewhere else (i.e. another policy etc.)?
- Have you configured any other Custom Devices & Groups? If yes, put one of them as the source just to see if the problem would occur with them too.
Many thanks.
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
Hi Nick,
Sorry, just an update on the status: this problem is already solved. The problem was not on my laptop, but I had to add ... additional MACs of my FortiGate and my Cisco switch. Thanks for your help.
Joko
No problem at all, any time!
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3