MAC Hosts Not Working in SSL/TLS Inspection Rules

I have an SSL/TLS Inspection Rule to match mobile phones so that no inspection occurs.

If I specify 'Source networks and devices' by MAC Host then the rule isn't matched, if I use the IP address of the same devices then the rule is matched.

Why aren't MAC Hosts working?

  • I solved this myself but thought I would update here in case anybody else was searching for a solution to a similar problem.

    Our XG sits in a separate sub-net and VLAN, traffic is routed to it via a layer 3 switch. MAC address information is only available at level 2 and therefore doesn't get passed when the traffic is routed, hence there is no MAC information available to the XG.

    Like a lot of solutions, it is obvious when you know the answer!