

MAC Whitelist

Dear Community,

Is there an easy way or a guide / tutorial that shows how it's possible to add a whitelist for allowed MAC addresses that are using wifi on an XG appliance?

All I've found is for older devices or how to block (blacklist) access for specific MAC addresses.

 

Thanks in advance.

 



This thread was automatically locked due to age.
  • Hi,

    I didn't find it in the Knowledge Base, so here is a guide to how it should work out.
    Please note that you must pay attention to how you have set up your wireless network. Bridged access points to the LAN or other configuration settings could cause problems and you may need to adjust these other settings accordingly.

    1. Add a so-called MAC host at System > Hosts and Services > MAC host
    2. Add a firewall rule to allow traffic from the WiFi zone and the specific MAC host list to WAN
    3. Don't forget to create a SNAT rule to masquerade traffic when going out to WAN

    Kind regards,

    Intrusus
    Sophos Certified Engineer | Sophos Certified Technician

    private lab:
    XG firewall with SFOS 20.X running on Proxmox

    If a post solves your question use the 'Verify Answer' link

  • Another approach is to use the MAC Filter in Wireless.

    This would allow / deny a Client connecting to the wireless. 


  • Haha that's true, of course. Unfortunately I haven't had anything to do with wireless so far because I run my private lab on a vSphere environment. Thanks for the hint :D

    So, is there a situation when using firewall rules with WiFi as zone is required?

    Intrusus

  • Ahhhh perfect, thanks a lot!

  • The SSID MAC filter will prevent the client from connecting to the AP in the first place.

    MAC filtering in the firewall will basically stop the packet on arrival and not process the packet any further.


  • Okay, easy and clear to understand! :)

    So last point now in this conversation, wondering how best to combat MAC spoofing in the area of wireless protection... Are these articles the right way or do I have to consider something different regarding protecting my wireless network against it?

    https://community.sophos.com/kb/en-us/123009

    https://community.sophos.com/kb/en-us/123130

    Cheers,

    Intrusus

  • MAC spoofing is somewhat difficult in those approaches.

    First of all, you would go with an encrypted wireless. WPA2 Enterprise would be a good way to go, if you have concerns about MAC spoofing.

    This will increase the entry level for an attacker.

    The Whitelist approach is the next level for an attacker. He has to find out a whitelisted MAC address. 

    Those two approaches are the first level on Wireless level.

    Next could be to activate a detection system like MAC spoofing on XG.
