Authentication binds to MAC address
In previous FortiOS versions, firewall authentication was source IP based, thus there was no action in response to a MAC address change. This was a security flaw that allowed an unauthenticated user to access restricted resources, especially in a WiFi environment where the IP and MAC binding changed frequently.
MAC addresses can now be bound with the user identity so that the MAC address is matched while matching an auth logon.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU