1. Manuals
  2. Brands
  3. Fortinet Manuals
  4. Firewall
  5. FortiGate FortiGate-50R
  6. Installation and configuration manual

Configuring Ip/Mac Binding For Packets Going To The Firewall; Adding Ip/Mac Addresses - Fortinet FortiGate FortiGate-50R Installation And Configuration Manual

Antivirus firewall
Hide thumbs
Table of Contents

Advertisement

IP/MAC binding

Configuring IP/MAC binding for packets going to the firewall

Adding IP/MAC addresses

138
For example, if the IP/MAC pair IP 1.1.1.1 and 12:34:56:78:90:ab:cd is added to the
IP/MAC binding list:
A packet with IP address 1.1.1.1 and MAC address 12:34:56:78:90:ab:cd is
allowed to go on to be matched with a firewall policy.
A packet with IP 1.1.1.1 but with a different MAC address is dropped immediately
to prevent IP spoofing.
A packet with a different IP address but with a MAC address of
12:34:56:78:90:ab:cd is dropped immediately to prevent IP spoofing.
A packet with both the IP address and MAC address not defined in the IP/MAC
binding table:
is allowed to go on to be matched with a firewall policy if IP/MAC binding is set
to Allow traffic,
is blocked if IP/MAC binding is set to Block traffic.
Use the following procedure to use IP/MAC binding to filter packets that would
normally connect with the firewall (for example, when an administrator is connecting to
the FortiGate unit for management).
1
Go to Firewall > IP/MAC Binding > Setting.
2
Select Enable IP/MAC binding going to the firewall.
3
Go to Firewall > IP/MAC Binding > Static IP/MAC.
4
Select New to add IP/MAC binding pairs to the IP/MAC binding list.
All packets that would normally connect to the firewall are first compared with the
entries in the IP/MAC binding table.
For example, if the IP/MAC pair IP 1.1.1.1 and 12:34:56:78:90:ab:cd is added to the
IP/MAC binding list:
A packet with IP address 1.1.1.1 and MAC address 12:34:56:78:90:ab:cd is
allowed to connect to the firewall.
A packet with IP 1.1.1.1 but with a different MAC address is dropped immediately
to prevent IP spoofing.
A packet with a different IP address but with a MAC address of
12:34:56:78:90:ab:cd is dropped immediately to prevent IP spoofing.
A packet with both the IP address and MAC address not defined in the IP/MAC
binding table:
is allowed to connect to the firewall if IP/MAC binding is set to Allow traffic,
is blocked if IP/MAC binding is set to Block traffic.
1
Go to Firewall > IP/MAC Binding > Static IP/MAC.
2
Select New to add an IP address/MAC address pair.
Firewall configuration
Fortinet Inc.

Advertisement

Table of Contents
loading

Related Manuals for Fortinet FortiGate FortiGate-50R

Related Content for Fortinet FortiGate FortiGate-50R

This manual is also suitable for:

Fortigate 50r

Table of Contents