Block MAC address from internet access - settings not working

Hi,

Sophos UTM 9.503-4

I have completed the setup to block a MAC address from accessing the internet; however, traffic continues to flow to the device.

1. Network Definitions - MAC Address Definitions - MAC Address List - "Block MAC" [Device MAC Address]

2. Firewall - Rule - [Network] >> Any >> [Any] - Drop - Source ["Block MAC"] - placed at the top of firewall rules

3. Firewall Log - Filter [Device MAC Address]

[Time] - Packet Filter rule [Rule #]  - TCP - [Device IP:Port] - [Destination IP:Port] - [SYN] .... - srcmac=[Device MAC Address] dstmac=[Destination MAC Address]

I am testing the device and can navigate the internet without encumbrance.

What have I missed?

 

Thanks,

David



  • Karlos gave you the two possible solutions, David.  To understand a bit better, see #2 in Rulz and Doug Foster's take on some of that: READ ME FIRST: UTM Architecture.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    I did read the rulz beforehand to see if I was going about the MAC filtering properly but clearly I did not understand.  The UTM architecture article gave me a better understanding of how the rulz are applied and that proxies are separate.  It reinforces that I have a lot to learn about the UTM.

     

    Thanks for the info,

    David

     

  • It's easy enough for the host IP address to be changed on the device itself.  MAC spoofing is also possible but usually more difficult to achieve.  Blocking by MAC address is available even in the cheapest consumer-grade products. It's odd to see this oversight in such a feature-full firewall.  One should simply be able to define a MAC address and assign a rule to block all internet access.  No user lists, or other workarounds.

  • Jay, it is possible to block by MAC in the firewall, just not directly in Web Filtering.  If you want to block by MAC in Web Protection, you have to associate an IP to the MAC.  Blocking by MAC is less necessary in a corporate environment where LDAP and AD servers can be used to regulate users' behavior, so I don't think adding a MAC address check to the Proxy would make sense outside of home users.

    Cheers - Bob

     