Viewing the dynamic ip/mac list, Enabling ip/mac binding – Fortinet FortiGate 4000 User Manual
Page 222
222
Fortinet Inc.
IP/MAC binding
Firewall configuration
3
Enter the IP Address and the MAC Address.
You can bind multiple IP addresses to the same MAC address. You cannot bind
multiple MAC addresses to the same IP address.
However, you can set the IP address to 0.0.0.0 for multiple MAC addresses. This
means that all packets with these MAC addresses are matched with the IP/MAC
binding list.
Similarly, you can set the MAC address to 00:00:00:00:00:00 for multiple IP
addresses. This means that all packets with these IP addresses are matched with the
IP/MAC binding list.
4
Type a Name for the new IP/MAC address pair.
The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and
the special characters - and _. Other special characters and spaces are not allowed.
5
Select the Enable check box to enable IP/MAC binding for the IP/MAC pair.
6
Select OK to save the IP/MAC binding pair.
Viewing the dynamic IP/MAC list
To view the dynamic IP/MAC list
1
Go to Firewall > IP/MAC Binding > Dynamic IP/MAC.
Enabling IP/MAC binding
To enable IP/MAC binding
1
Go to Firewall > IP/MAC Binding > Setting.
2
Select the Enable IP/MAC binding going through the firewall check box if you want to
turn on IP/MAC binding for packets that could be matched by policies.
3
Select the Enable IP/MAC binding going to the firewall check box if you want to turn
on IP/MAC binding for packets connecting to the firewall.
4
Configure how IP/MAC binding handles packets with IP and MAC addresses that are
not defined in the IP/MAC list.
Select Allow traffic to allow all packets with IP and MAC address pairs that are not
added to the IP/MAC binding list.
Select Block traffic to block packets with IP and MAC address pairs that are not added
to the IP/MAC binding list.
5
Select Apply to save the changes.
!
Caution: Make sure that you have added the IP/MAC Address pair of your management
computer before enabling IP/MAC binding.