Block any Computer Using the Internet on Fortigate Firewall

NC

In this article I will show you how to block any computer from using the internet on a FortiGate firewall. This article provides a procedure to block any MAC address using a device access list.

Configure the Ports of WAN and LAN

Go to "Network" > "Interfaces", click "Port1"

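MAC address filtering is more secure and more reliable than IP address filtering because the MAC address does not change when a client's IP address changes. Keep in mind that a MAC address can be set in software on the client, so the filter identifies devices but does not authenticate them.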

Port 1 is connected to the Internet (WAN); Port 2 is connected to the internal network (LAN).

  • Alias : lan

  • Role : LAN

  • IP/Netmask : 10.0.0.1/24

  • Select the "PING" checkbox

Clients use dynamic IP addresses, so we also configure a DHCP scope to assign addresses to them.

  • Enable DHCP Server

  • Address range : 10.0.0.2-10.0.0.254

Click "OK" button to save your settings.

Configure the default static route

Go to "Static Routes", click the "Create New" button.

  • Set the Destination IP/Mask to 0.0.0.0/0.0.0.0

  • Set the Gateway to the IP address of the ISP's router : 192.168.1.1

  • Set the Device to the Internet-facing interface : wan1 (port1)

Next, you make a list of computers that are allowed to use the internet.

Go to "Dashboard" > "Network" > "DHCP". Note the MAC addresses listed there.

Go to "Policy and Objects" then select "Addresses" and select "Create New" then choose "Address".

Add the MAC addresses of the computers that are allowed to use the internet here. These are the MAC addresses you noted above.

Next, create a list of computers that will be blocked from using the internet. Add the MAC addresses of the computers that are not allowed to use the internet here.

Create a policy that allows computers to access the internet

Go to "Policy and Objects" then "Firewall Policy" and select "Create New".

  • Give the policy a name : Allow-internet.

  • Set the Incoming Interface to the lan interface and the Outgoing Interface to the Internet-facing interface. 

  • Set Source as the list of computers that are allowed to use the internet you just created.

  • Set Destination Address, Schedule, and Services to ALL.

  • Make sure the Action is set to ACCEPT.

  • Turn on NAT and make sure Use Outgoing Interface Address is selected

Once the setup is done, check the results.

You can now browse the internet using any whitelisted computer.

So how do you block the computers that should not use the internet? Follow the next steps.

Create a policy that does not allow computers to access the internet

  • Give the policy a name.

  • Set the Incoming Interface to the lan interface and the Outgoing Interface to the Internet-facing interface.

  • Set Source as the list of computers that are not allowed to use the internet that you just created.

  • Set Destination Address, Schedule, and Services to ALL.

  • Make sure the Action is set to DENY.

Once the setup is done, check the results. Now you can't browse the internet using any blacklisted computer.
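A pre-check for the two MAC lists built in the steps above, as an added example that is not part of the original article. It normalizes the addresses and flags entries that appear on both lists (the firewall applies whichever policy matches first) as well as locally administered addresses, which a client can rotate so that its entry stops matching. The sample addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lists (not from the article), as they might be copied
# from the DHCP monitor in mixed notations.
ALLOWED = ["00:1A:2B:3C:4D:5E", "00-1a-2b-3c-4d-5f", "DA:A1:19:00:00:01"]
BLOCKED = ["001a.2b3c.4d5f", "00:1A:2B:3C:4D:60", "not-a-mac"]

def normalize(mac):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or None if it is not 12 hex digits."""
    digits = re.sub(r"[:\-.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if bit 0x02 of the first octet is set (randomized or manually set MAC)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(allowed, blocked):
    """Clean both lists and report entries that need attention before they are entered."""
    report = {"invalid": [], "duplicates": [], "overlap": [], "randomized": []}
    cleaned = {}
    for name, entries in (("allowed", allowed), ("blocked", blocked)):
        seen = []
        for raw in entries:
            mac = normalize(raw)
            if mac is None:
                report["invalid"].append((name, raw))
            elif mac in seen:
                report["duplicates"].append((name, mac))
            else:
                seen.append(mac)
                if is_locally_administered(mac):
                    report["randomized"].append((name, mac))
        cleaned[name] = seen
    # A MAC on both lists is handled by whichever policy is matched first.
    report["overlap"] = [m for m in cleaned["allowed"] if m in cleaned["blocked"]]
    return cleaned, report

if __name__ == "__main__":
    cleaned, report = audit(ALLOWED, BLOCKED)
    for key, items in report.items():
        print(f"{key}: {items}")
```
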

In the next part I will practice adding a new computer to the whitelist or disallow list. I hope this article helps you block internet access for computers on a FortiGate firewall.
