top of page
  • Writer's pictureMatt Sherif

Bulk adding mac address devices to FortiGate

I was poking around on a popular social media site and saw a FortiGate user asking about devices being auto added based on MAC address. He expressed a desire that the FortiGate automatically identify the device type based on OUI. Another user suggested that this can be done manually, I offered a "halfway" solution built on scripting and CLI.

Before we go into the solution, I wanted to give an opinion as to why this isn't the case today; imagine if you had a network where all devices that are seen by the Fortigate automatically get added to the devices list based on OUI, and were committed to the config as a result. You would end up with an astronomically large config and device database, as anything that pops up on your guest network, or anything else would be committed there.

The general use case here is for adding phones, or any other sort of MAC address based device. You can go into the CLI and start typing "config user device" and go through the hundreds or thousands of devices manually, or you can generate the config you need. I chose the latter.

I have created a Powershell and python 3 version.

You can find the script and example CSV file here.


Recent Posts

See All
bottom of page