MAC Access Control

Video Activity

In this video, you will learn how to add device definitions to your FortiGate using Media Access Control addresses, or MAC addresses. These definitions form a whitelist that allows you to control the devices that can access your wireless network. MAC address identification also allows you to assign a reserved IP for exclusive use of a device when i...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
or

Already have an account? Sign In »

Time
1 hour 35 minutes
Difficulty
Beginner
CEU/CPE
2
Video Description

In this video, you will learn how to add device definitions to your FortiGate using Media Access Control addresses, or MAC addresses. These definitions form a whitelist that allows you to control the devices that can access your wireless network. MAC address identification also allows you to assign a reserved IP for exclusive use of a device when it connects to the wireless network.

Video Transcription
00:00
In this video, you will learn how to add device definitions to your Forte gate, using media access control addresses or Mac addresses.
00:09
Thes definitions. Formal white list that allow you to control the devices that can access your wireless network.
00:15
Each network device has a unique Mac address added by the manufacturer. This makes them a handy way to identify a device and in this example will identify an iPhone
00:28
Mac address. Identification also allows you to assign a reserved I p for exclusive use of a device when it connects to the wireless network,
00:37
even though Mac address filtering isn't foolproof. To get around this configuration, a malicious hacker would have to guess an address on your Mac White list.
00:51
First, you will identify the unique Mac address of a device on your network
00:57
for Windows devices. Open the command prompt and type I p. Config. Slash All
01:04
this output shows the configuration information for all the network connections.
01:10
Look for information about the wireless adapter and note the physical address
01:15
for Mac OS X device is open, terminal and type the following.
01:23
Make sure to note the Mac address
01:27
for IOS devices.
01:30
Open settings.
01:33
General.
01:34
A boat device
01:37
and take note of the WiFi actress
01:42
for android devices,
01:47
Open settings,
01:52
a boat device
01:55
status
01:57
and take note of the WiFi Mac address.
02:06
Next, go to user and device
02:09
device device definitions and create a new device definition for an iPhone
02:16
set alias to iPhone.
02:21
Set Mac address to the physical address of the device and set the device type toe iPhone.
02:28
The new definitions will now appear in your device. Lis.
02:32
If device identification is enabled on the wireless interface device definitions will be created automatically.
02:39
Then you can use MAC addresses to identify which device a definition refers to.
02:50
Now go to user and device
02:53
device device groups and create a new group
02:59
named the Group WiFi Access and add the new device as a group member.
03:12
Next, go to system
03:15
network
03:17
interfaces and edit the wireless interface.
03:22
If the 48 p is in bridge mode, you will need to edit the internal interface
03:28
under D H C P Server. Go to advanced options.
03:32
Create a new entry in the Mac reservation and access control list.
03:39
Make sure you reserve an I P address within the D H. CP range of the device is Mac address.
03:53
Go to Policy and objects
03:55
policy. I pee before and create a new policy
04:00
set. Incoming interface to your wireless interface
04:08
source device to the device Group,
04:13
an outgoing interface to the Internet Facing interface.
04:20
Make sure that Nat is turned on
04:32
to check your results. Connect to the wireless network with a device that is a member of the device group.
04:41
You should be able to connect to the WiFi and browse the Internet.
04:46
Connection attempts from a device that is not part of the group will fail.
04:50
Go to system
04:53
40 view all session
04:57
and select now to view the current results.
05:01
Filter the results using the reserve source i p. And verify that it is being used exclusively by the wireless device.
05:11
Thank you for watching. If you need further details, you can visit docks dot fort net dot com to access our complete documentation library.
05:19
Also check out her new cookbooks, ate at cookbook dot Fortinet dot com.
Up Next