IPv6 MAC addresses and usage in firewall policies

Users can define IPv6 MAC addresses that can be applied to the following policies:

  • Firewall
  • Virtual wire pair
  • ACL/DoS
  • Central NAT
  • NAT64
  • Local-in

In FortiOS, you can configure a firewall address object with a singular MAC, wildcard MAC, multiple MACs, or a MAC range. In this example, a firewall policy is configured in a NAT mode VDOM with the IPv6 MAC address as a source address.


IPv6 MAC addresses cannot be used as destination addresses in VDOMs when in NAT operation mode.

To configure IPv6 MAC addresses in a policy in the GUI:
  1. Create the MAC address:
    1. Go to Policy & Objects > Addresses and click Create New > Address.
    2. For Category, select IPv6 Address.
    3. Enter an address name.
    4. For Type, select Device (MAC Address).
    5. Enter the the MAC address.

    6. Click OK.