Chapter 7 Firewall for FortiOS 5.0 : Security policies : Device Identity Policies
  
Device Identity Policies
Device identity policies are designed to accommodate the bring-your-own-device (BYOD) trend.
These policies share many of the same characteristics and field values as the other firewall policies. Where a device identity policy differs from the other policies on the FortiGate firewall is the criterion on which authentication is based: the MAC address of the device making the connection. Because a MAC address is unique to a specific networkable device (it identifies the device itself rather than whoever is using it), a great deal of control can be exercised with these policies.
In cooperation with the MAC scanning capabilities of the FortiGate, it is relatively simple to create a profile that allows personal devices such as smartphones, tablets and personal laptops brought into work by employees, contractors and other guests to access the wireless network.
The authentication process is similar to that of identity-based policies. The FortiGate firewall checks the incoming traffic for parameters such as interfaces, addresses, times and services, and then matches them against the values associated with the MAC addresses listed in the policy. If everything matches, the traffic is allowed to proceed.
The device addresses can be listed as individual MAC addresses, as predefined groups based on device type, or as custom-made groups of MAC addresses.
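The matching process described above, as an added Python model that is not FortiOS code or Fortinet's implementation: the device inventory, group names, interface names, policies and sample flows are all constructed for the illustration. It shows the three ways of listing devices (individual MACs, a device-type group, a custom group) being expanded into one set, the ordinary fields (interfaces, address, service, schedule) being checked alongside the source MAC, and the top-down, first-match, implicit-deny evaluation order.

```python
"""Constructed model of device identity policy matching (not FortiOS code)."""
from dataclasses import dataclass
from datetime import time

# Constructed stand-in for the FortiGate's MAC scan results: MAC -> device type.
DEVICE_INVENTORY = {
    "00:11:22:33:44:55": "smartphone",
    "66:77:88:99:aa:bb": "tablet",
    "cc:dd:ee:ff:00:11": "laptop",
    "cc:dd:ee:ff:00:22": "laptop",
}
# Predefined group keyed by device type, and a custom group of hand-picked MACs (both constructed).
TYPE_GROUPS = {"mobile": {"smartphone", "tablet"}}
CUSTOM_GROUPS = {"contractor-laptops": {"CC-DD-EE-FF-00-11"}}


def normalize_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated form so 'CC-DD-..' and 'cc:dd:..' compare equal."""
    return mac.strip().lower().replace("-", ":")


@dataclass(frozen=True)
class Flow:
    src_mac: str
    src_intf: str
    dst_intf: str
    dst_addr: str
    service: str
    at: time


@dataclass
class DevicePolicy:
    name: str
    src_intf: str
    dst_intf: str
    dst_addrs: frozenset            # {"all"} matches any destination
    services: frozenset
    start: time                     # schedule window, inclusive
    end: time
    macs: frozenset = frozenset()           # individual MAC addresses
    type_groups: frozenset = frozenset()    # predefined groups by device type
    custom_groups: frozenset = frozenset()  # custom-made groups of MACs
    action: str = "accept"


def policy_devices(policy: DevicePolicy) -> set[str]:
    """Expand the three ways of listing devices into one set of MAC addresses."""
    macs = {normalize_mac(m) for m in policy.macs}
    for group in policy.custom_groups:
        macs.update(normalize_mac(m) for m in CUSTOM_GROUPS.get(group, ()))
    wanted_types = set()
    for group in policy.type_groups:
        wanted_types.update(TYPE_GROUPS.get(group, ()))
    macs.update(normalize_mac(m) for m, kind in DEVICE_INVENTORY.items() if kind in wanted_types)
    return macs


def in_schedule(policy: DevicePolicy, at: time) -> bool:
    """Inclusive window; a start later than end means the window wraps past midnight."""
    if policy.start <= policy.end:
        return policy.start <= at <= policy.end
    return at >= policy.start or at <= policy.end


def matches(policy: DevicePolicy, flow: Flow) -> bool:
    """Every ordinary policy field must match, and the source MAC must be a listed device."""
    return (
        policy.src_intf == flow.src_intf
        and policy.dst_intf == flow.dst_intf
        and ("all" in policy.dst_addrs or flow.dst_addr in policy.dst_addrs)
        and flow.service in policy.services
        and in_schedule(policy, flow.at)
        and normalize_mac(flow.src_mac) in policy_devices(policy)
    )


def evaluate(policies: list[DevicePolicy], flow: Flow) -> str:
    """First matching policy decides; no match falls through to an implicit deny."""
    for policy in policies:
        if matches(policy, flow):
            return policy.action
    return "deny"


# Constructed policies: personal mobiles get web during business hours, the
# contractor laptop group gets web plus SSH in the same window.
POLICIES = [
    DevicePolicy("byod-mobile-web", "wifi", "wan1", frozenset({"all"}),
                 frozenset({"HTTP", "HTTPS"}), time(8, 0), time(18, 0),
                 type_groups=frozenset({"mobile"})),
    DevicePolicy("contractor-access", "wifi", "wan1", frozenset({"all"}),
                 frozenset({"HTTP", "HTTPS", "SSH"}), time(8, 0), time(18, 0),
                 custom_groups=frozenset({"contractor-laptops"})),
]

# Constructed sample flows exercising each matching condition.
SAMPLE_FLOWS = {
    "phone-https-daytime": Flow("00:11:22:33:44:55", "wifi", "wan1", "203.0.113.10", "HTTPS", time(10, 30)),
    "phone-ssh": Flow("00:11:22:33:44:55", "wifi", "wan1", "203.0.113.10", "SSH", time(10, 30)),
    "contractor-ssh": Flow("cc:dd:ee:ff:00:11", "wifi", "wan1", "203.0.113.10", "SSH", time(9, 0)),
    "unlisted-laptop-https": Flow("cc:dd:ee:ff:00:22", "wifi", "wan1", "203.0.113.10", "HTTPS", time(9, 0)),
    "tablet-after-hours": Flow("66:77:88:99:aa:bb", "wifi", "wan1", "203.0.113.10", "HTTPS", time(19, 0)),
}


def decide_all() -> dict[str, str]:
    """Run every sample flow through the policy list and return the decisions by name."""
    return {name: evaluate(POLICIES, flow) for name, flow in SAMPLE_FLOWS.items()}


if __name__ == "__main__":
    for name, decision in decide_all().items():
        print(f"{name}: {decision}")
```

Note that the unlisted laptop is denied even though the scan knows its type: a device only matches a policy if it is named directly, belongs to a device-type group the policy references, or sits in a custom group the policy references.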