Sophos Firewall

Discussions Finding a MAC address

Sophos Firewall requires membership for participation - click to join

Thread Info

State Suggested Answer
Locked Locked
Replies 2 replies
Answers 1 answer
Subscribers 37 subscribers
Views 3622 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Finding a MAC address

FrasianX0 9 months ago

What is the best way to locate a rouge devices MAC address that was connected to our network using XGS firewall and or XDR?

This thread was automatically locked due to age.

Top Replies

Vivek Jagad 9 months ago +1 suggested

Hello FrasianX0 , Thank you for reaching out to the community, Enable Spoof protection trusted MAC

0 Vivek Jagad 9 months ago

Hello FrasianX0 ,

Thank you for reaching out to the community, Enable Spoof protection trusted MAC

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Log a Support Case | Sophos Service Guide
Best Practices – Support Case

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up +1 Vote Down

Cancel
0 Wayne Folta 9 months ago

When you say "was connected" are you asking a hypothetical as in "given that a rogue device is connected, how would you detect it" or do you literally mean that one was connected in the past and you're trying to look back to figure out what and when?

Assuming you're wanting to look into the past: I'm thinking if the device got an IP address via DHCP, that associates a MAC address with the IP and the record of that might still be accessible. Also, there are neighbor tables that have MAC addresses of neighbors.

But MAC addresses can be spoofed, so do you really want a MAC address? What's your goal? Also, was this wired or wireless (and do you use Sophos APs)?
Cancel
Vote Up +1 Vote Down

Cancel