Blocking access to LAN, from a specific MAC that's connected via WIFI (APX)

Question

Hello everyone, 
 
 I have a Sophos XG firewall, and an APX320 access point. The access point is in "Bridge AP to LAN" mode. 
 At the network level, Port 1 is the LAN (which goes to a switch), Port 2 is the WAN. 
 
 I am adding a computer to the network that will connect through this access point. I was hopeful to allow it to access WAN, but completely isolate it from the LAN. 
 Unfortunately, any rules that I set to drop/reject traffic from this MAC address, for example: 
 Source: Any zone, "The MAC address" Destination: Any zone, Any host What: Any service 
 Do not successfully drop local packets. 
 How can this be achieved? 
 Thank you!

FormerMember · Answer

Hi Alexandre Lemaire , 
 Thank you for reaching out to the Community! 
 Is this drop traffic rule on top of all the firewall rules? I'd suggest you run a packet capture to identify the firewall rule for this traffic. 
 
 Sophos Firewall: Monitor traffic using Packet Capture Utility 
 
 Is there any specific reason why you bridge the wireless network to LAN? If you want to isolate wireless devices from the LAN network, configure a separate zone wireless network. 
 Thanks,

Blocking access to LAN, from a specific MAC that's connected via WIFI (APX)

Top Replies