Configuring Ip/Mac Binding For Packets Going To The Firewall; Adding Ip/Mac Addresses - Fortinet FortiGate 400 Installation & Configuration Manual

Fortinet network device installation and configuration guide

Hide thumbs

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

300

301

302

303

304

305

306

307

308

Table of Contents

Firewall configuration

Configuring IP/MAC binding for packets going to the firewall

Adding IP/MAC addresses

FortiGate-400 Installation and Configuration Guide

Use the following procedure to use IP/MAC binding to filter packets that would

normally connect with the firewall (for example, when an administrator is connecting to

the FortiGate unit for management).

Go to Firewall > IP/MAC Binding > Setting.

Select Enable IP/MAC binding going to the firewall.

Go to Firewall > IP/MAC Binding > Static IP/MAC.

Select New to add IP/MAC binding pairs to the IP/MAC binding list.

All packets that would normally connect to the firewall are first compared with the

entries in the IP/MAC binding table.

For example, if the IP/MAC pair IP 1.1.1.1 and 12:34:56:78:90:ab:cd is added to the

IP/MAC binding list:

•

A packet with IP address 1.1.1.1 and MAC address 12:34:56:78:90:ab:cd is

allowed to connect to the firewall.

•

A packet with IP 1.1.1.1 but with a different MAC address is dropped immediately

to prevent IP spoofing.

•

A packet with a different IP address but with a MAC address of

12:34:56:78:90:ab:cd is dropped immediately to prevent IP spoofing.

•

A packet with both the IP address and MAC address not defined in the IP/MAC

binding table:

•

is allowed to connect to the firewall if IP/MAC binding is set to Allow traffic,

•

is blocked if IP/MAC binding is set to Block traffic.

Go to Firewall > IP/MAC Binding > Static IP/MAC.

Select New to add an IP address/MAC address pair.

Enter the IP address and the MAC address.

You can bind multiple IP addresses to the same MAC address. You cannot bind

multiple MAC addresses to the same IP address.

However, you can set the IP address to 0.0.0.0 for multiple MAC addresses. This

means that all packets with these MAC addresses are matched with the IP/MAC

binding list.

Similarly, you can set the MAC address to 00:00:00:00:00:00 for multiple IP

addresses. This means that all packets with these IP addresses are matched with the

IP/MAC binding list.

Enter a Name for the new IP/MAC address pair.

The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and

the special characters - and _. Other special characters and spaces are not allowed.

Select Enable to enable IP/MAC binding for the IP/MAC pair.

Select OK to save the IP/MAC binding pair.

IP/MAC binding

195

Table of Contents

Show Quick Links

Quick Links:
Deleting Addresses

Hide quick links:

Table of Contents

Configuring Ip/Mac Binding For Packets Going To The Firewall; Adding Ip/Mac Addresses - Fortinet FortiGate 400 Installation & Configuration Manual

Configuring IP/MAC binding for packets going to the firewall

Adding IP/MAC addresses

Hide quick links:

Related Manuals for Fortinet FortiGate 400

Related Content for Fortinet FortiGate 400

Table of Contents