LaBlog

Fortigate SSL VPN MAC Address Filtering

9/30/2024

SSLVPN Hardening

On the FortiGate device, we go to "SSL VPN Portals" under "VPN", select the portal we want to edit on the screen that appears, and click "Edit".

The screen that opens shows the portal in FULL Tunnel mode. We click the "Edit in CLI" button.

The CLI screen opens and I start my configuration:

```
set mac-addr-check enable
set mac-addr-action allow
config mac-addr-check-rule
    edit XXXX
        set mac-addr-list ff:ff:ff:ff:ff:ff
    next
end
```

What each command does:

set mac-addr-check enable: I turn on the MAC address check.
set mac-addr-action allow: I allow the addresses on the MAC address list.
config mac-addr-check-rule: I open the MAC address check rules.
edit XXXX: we create a MAC address list named XXXX. Change the name according to your needs.
set mac-addr-list ff:ff:ff:ff:ff:ff: I add my MAC address. Write your own MAC address in place of the ff values.
next and end: we end our process.
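For more than one device, the same commands can be generated from an inventory instead of typed by hand. The script below is an added example, not part of the original article: it normalizes MAC addresses, rejects the ff:ff:ff:ff:ff:ff placeholder, malformed values and duplicates, and emits one rule per device using only the commands shown above. The rule names, the sample inventory and the one-rule-per-device layout are assumptions.

```python
import re

# Constructed sample inventory (not from the article): rule name -> MAC address
# as exported by different tools, in mixed notations.
SAMPLE_INVENTORY = {
    "laptop-ayse": "00-1A-2B-3C-4D-5E",
    "laptop-mehmet": "001a.2b3c.4d5f",
    "placeholder": "ff:ff:ff:ff:ff:ff",   # the article's placeholder, must not ship
    "dup-of-ayse": "00:1a:2b:3c:4d:5e",
    "typo": "00:1a:2b:3c:4d",
}

def normalize_mac(raw):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {raw!r}")
    if int(digits[:2], 16) & 1:
        # Group bit set: broadcast/multicast, never a real client adapter.
        raise ValueError(f"broadcast or multicast address: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_rules(inventory):
    """Return (cli_lines, rejected) for the portal's 'Edit in CLI' window."""
    seen, rejected = {}, []
    lines = ["set mac-addr-check enable", "set mac-addr-action allow",
             "config mac-addr-check-rule"]
    for name, raw in inventory.items():
        try:
            mac = normalize_mac(raw)
        except ValueError as exc:
            rejected.append((name, str(exc)))
            continue
        if mac in seen:
            rejected.append((name, f"duplicate of {seen[mac]}"))
            continue
        seen[mac] = name
        lines += [f"    edit {name}", f"        set mac-addr-list {mac}", "    next"]
    lines.append("end")
    return lines, rejected

if __name__ == "__main__":
    cli, bad = build_rules(SAMPLE_INVENTORY)
    print("\n".join(cli))
    for name, reason in bad:
        print(f"skipped {name}: {reason}")
```

Review the skipped entries before pasting the generated lines: with the action set to allow, a device missing from the list is refused at connection time.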

Let's do the test

We run our test by connecting with our user credentials. As you can see below, the connection has been successfully established.

When I change my MAC address in the MAC filtering list and try to connect again, I get an error, as you can see below.

You can see the scenario we explained in this article on EVE-NG FULL at labimage.com.tr. Did you know that you can buy the package and try it on your own computer?