Block MAC address from internet access - settings not working

Hi,

Sophos UTM 9.503-4

I have completed the setup to block a MAC address from accessing the internet; however, traffic continues to flow to the device.

1. Network Definitions - MAC Address Definitions - MAC Address List - "Block MAC" [Device MAC Address]

2. Firewall - Rule - [Network] >> Any >> [Any] - Drop - Source ["Block MAC"] - placed at the top of firewall rules

3. Firewall Log - Filter [Device MAC Address]

[Time] - Packet Filter rule [Rule #] - TCP - [Device IP:Port] - [Destination IP:Port] - [SYN] .... - srcmac=[Device MAC Address] dstmac=[Destination MAC Address]

I am testing the device and can navigate the internet without encumbrance.

What have I missed?

 

Thanks,

David



  • Hi David,

    Do you have Web Protection enabled?

    Thanks,
    Karlos

    Karlos
    Community Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.
  • Hi

    Proxy functions, including the Web Proxy, precede configured Firewall Rules, and MAC filtering cannot be applied to the Web Proxy.

    Your only options for Web Filtering are by IP address or User Authentication.

    If you're able to assign a static IP to the device that you would like to block, you can use that to create a Web Filter profile that will block access to all.

    Another option is to add that device (again, only by IP or hostname) to the Transparent Mode Skiplist; it will then bypass the proxy and the Firewall rules will apply.

    Cheers,
    Karlos

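The precedence Karlos describes, written up as an added illustrative model for this page (not Sophos code; the class, the MAC and IP values and the rule layout are constructed assumptions): traffic to web ports is intercepted by the transparent proxy before the packet filter runs, so a MAC-based Drop rule only gets a chance to match once the host is on the skiplist, while a Web Filter profile can only key on the client IP.

```python
# Simplified model of the packet-handling order described in the thread:
# web-port traffic hits the transparent Web Proxy before the packet-filter
# rules, and the proxy can only identify clients by IP (or user), never by MAC.
# Hosts on the Transparent Mode Skiplist bypass the proxy and reach the
# firewall rules, where a MAC-based Drop rule can match.  Illustrative model
# only; rule structures and sample values below are assumptions.

WEB_PORTS = {80, 443}


class Utm:
    def __init__(self, web_proxy_on, skiplist, webfilter_blocked_ips, fw_blocked_macs):
        self.web_proxy_on = web_proxy_on                           # Web Protection on?
        self.skiplist = set(skiplist)                              # IPs exempt from proxy
        self.webfilter_blocked_ips = set(webfilter_blocked_ips)    # Web Filter "block all"
        self.fw_blocked_macs = {m.lower() for m in fw_blocked_macs}  # firewall Drop by MAC

    def handle(self, src_mac, src_ip, dst_port):
        """Return (stage, verdict) for one outbound packet from a LAN host."""
        if self.web_proxy_on and dst_port in WEB_PORTS and src_ip not in self.skiplist:
            # Proxy precedes the packet filter; the source MAC is not visible here.
            if src_ip in self.webfilter_blocked_ips:
                return ("web-proxy", "blocked")
            return ("web-proxy", "allowed")
        # Packet filter: the top rule drops source MACs in the "Block MAC" definition.
        if src_mac.lower() in self.fw_blocked_macs:
            return ("firewall", "dropped")
        return ("firewall", "allowed")


DEVICE_MAC = "00:11:22:33:44:55"   # constructed sample value
DEVICE_IP = "192.168.1.50"         # constructed sample value


def original_setup():
    # David's configuration: MAC Drop rule only, proxy on, device not skiplisted.
    return Utm(True, [], [], [DEVICE_MAC])


def skiplist_fix():
    # Option 2: put the device IP on the Transparent Mode Skiplist so the
    # firewall rules (and thus the MAC Drop rule) apply to its web traffic.
    return Utm(True, [DEVICE_IP], [], [DEVICE_MAC])


def webfilter_fix():
    # Option 1: give the device a static IP and block it in a Web Filter profile.
    return Utm(True, [], [DEVICE_IP], [DEVICE_MAC])
```

Running `original_setup().handle(DEVICE_MAC, DEVICE_IP, 443)` reproduces the symptom in the question (the proxy allows it), while the same call against `skiplist_fix()` or `webfilter_fix()` blocks the device.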
  • Karlos gave you the two possible solutions, David.  To understand a bit better, see #2 in Rulz and Doug Foster's take on some of that: READ ME FIRST: UTM Architecture.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Karlos,

    Thank you for explaining how I can achieve the MAC filtering. It is clear now that I did not understand the rulz and precedence with regard to UTM proxies.

    I will acknowledge, I am still on the learning curve with the UTM.

     

    Thanks again,

    David

  • Hi Bob,

    I did read the rulz beforehand to see if I was going about the MAC filtering properly, but clearly I did not understand. The UTM architecture article gave me a better understanding of how the rulz are applied and proxies are separate. It reinforces that I have a lot to learn about the UTM.

     

    Thanks for the info,

    David

     

  • It's easy enough for the host IP address to be changed on the device itself. MAC spoofing is also possible but usually more difficult to achieve. Blocking by MAC address is available even in the cheapest consumer-grade products. It's odd to see this oversight in such a feature-full firewall. One should simply be able to define a MAC address and assign a rule to block all internet access. No user lists, or other workarounds.

  • Jay, it is possible to block by MAC in the firewall, just not directly in Web Filtering.  If you want to block by MAC in Web Protection, you have to associate an IP to the MAC.  Blocking by MAC is less necessary in a corporate environment where LDAP and AD servers can be used to regulate users' behavior, so I don't think adding a MAC address check to the Proxy would make sense outside of home users.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA