IPv6 MAC addresses and usage in firewall policies
Users can define IPv6 MAC addresses that can be applied to the following policies:
- Firewall
- Virtual wire pair
- ACL/DoS
- Central NAT
- NAT64
- Local-in
In FortiOS, you can configure a firewall address object with a singular MAC, wildcard MAC, multiple MACs, or a MAC range. In this example, a firewall policy is configured in a NAT mode VDOM with the IPv6 MAC address as a source address.
![]() |
IPv6 MAC addresses cannot be used as destination addresses in VDOMs when in NAT operation mode. |
To configure IPv6 MAC addresses in a policy in the GUI:
- Create the MAC address:
- Go to Policy & Objects > Addresses and click Create New > Address.
- For Category, select IPv6 Address.
- Enter an address name.
- For Type, select Device (MAC Address).
- Enter the the MAC address.
- Click OK.