Firewall configuration IP/MAC binding
FortiGate-400 Installation and Configuration Guide 195
Configuring IP/MAC binding for packets going to the firewall
Use the following procedure to use IP/MAC binding to filter packets that would
normally connect with the firewall (for example, when an administrator is connecting to
the FortiGate unit for management).
1. Go to Firewall > IP/MAC Binding > Setting.
2. Select Enable IP/MAC binding going to the firewall.
3. Go to Firewall > IP/MAC Binding > Static IP/MAC.
4. Select New to add IP/MAC binding pairs to the IP/MAC binding list.
All packets that would normally connect to the firewall are first compared with the
entries in the IP/MAC binding table.
For example, if the IP/MAC pair IP 1.1.1.1 and 12:34:56:78:90:ab:cd is added to the
IP/MAC binding list:
• A packet with IP address 1.1.1.1 and MAC address 12:34:56:78:90:ab:cd is
  allowed to connect to the firewall.
• A packet with IP 1.1.1.1 but with a different MAC address is dropped immediately
  to prevent IP spoofing.
• A packet with a different IP address but with a MAC address of
  12:34:56:78:90:ab:cd is dropped immediately to prevent IP spoofing.
• A packet with both the IP address and MAC address not defined in the IP/MAC
  binding table:
  - is allowed to connect to the firewall if IP/MAC binding is set to Allow traffic,
  - is blocked if IP/MAC binding is set to Block traffic.
Adding IP/MAC addresses
1. Go to Firewall > IP/MAC Binding > Static IP/MAC.
2. Select New to add an IP address/MAC address pair.
3. Enter the IP address and the MAC address.
You can bind multiple IP addresses to the same MAC address. You cannot bind
multiple MAC addresses to the same IP address.
However, you can set the IP address to 0.0.0.0 for multiple MAC addresses. This
means that all packets with these MAC addresses are matched with the IP/MAC
binding list.
Similarly, you can set the MAC address to 00:00:00:00:00:00 for multiple IP
addresses. This means that all packets with these IP addresses are matched with the
IP/MAC binding list.
4. Enter a Name for the new IP/MAC address pair.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.
5. Select Enable to enable IP/MAC binding for the IP/MAC pair.
6. Select OK to save the IP/MAC binding pair.
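
The matching rules and the entry constraints described above, modelled as an added Python example (not Fortinet code and not part of the guide). The class and method names, the "allow"/"drop"/"block" result strings and the sample addresses are constructed for illustration; wildcard handling assumes that a 0.0.0.0 or 00:00:00:00:00:00 entry matches any value in that field.

```python
import ipaddress
import re

ANY_IP = "0.0.0.0"              # wildcard IP entry described in the guide
ANY_MAC = "00:00:00:00:00:00"   # wildcard MAC entry described in the guide
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")  # letters, digits, - and _ only
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


class BindingTable:
    """Hypothetical model of the static IP/MAC binding list."""

    def __init__(self, unlisted_action):
        # unlisted_action mirrors the Allow traffic / Block traffic setting.
        if unlisted_action not in ("allow", "block"):
            raise ValueError("unlisted_action must be 'allow' or 'block'")
        self.unlisted_action = unlisted_action
        self.entries = []  # list of (name, ip, mac)

    def add(self, name, ip, mac):
        ip, mac = str(ipaddress.IPv4Address(ip)), mac.lower()
        if not NAME_RE.fullmatch(name):
            raise ValueError("name may contain only A-Z, a-z, 0-9, - and _")
        if not MAC_RE.fullmatch(mac):
            raise ValueError("MAC address must be six colon-separated octets")
        # Many IPs may share one MAC, but one IP may not have several MACs.
        if ip != ANY_IP and any(e_ip == ip and e_mac != mac
                                for _, e_ip, e_mac in self.entries):
            raise ValueError("IP address is already bound to another MAC")
        self.entries.append((name, ip, mac))

    def check(self, ip, mac):
        """Return 'allow', 'drop' (half-matched pair) or the unlisted action."""
        ip, mac = str(ipaddress.IPv4Address(ip)), mac.lower()
        ip_known = mac_known = False
        for _, e_ip, e_mac in self.entries:
            if e_ip in (ip, ANY_IP) and e_mac in (mac, ANY_MAC):
                return "allow"          # pair matches a binding entry
            ip_known |= e_ip == ip
            mac_known |= e_mac == mac
        if ip_known or mac_known:
            return "drop"               # only one half matched: spoofing case
        return self.unlisted_action     # neither address is in the table


if __name__ == "__main__":
    table = BindingTable("block")
    table.add("admin_pc", "192.0.2.10", "02:00:00:aa:bb:01")  # constructed pair
    print(table.check("192.0.2.10", "02:00:00:aa:bb:02"))     # mismatched MAC
```
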