This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User MAC binding for IPsec Remote Access VPN in v19.5

Muhammad Abdullah Siddiqui over 1 year ago

Hi,

Is MAC binding feature introduced in v19.5. As we want to achieve MAC binding in IPsec remote access VPN so that only allow MAC addresses can connect to VPN. After searching, this is not achievable as XG doesn't recognize MAC pre-connection.

Regards,

Abdullah Siddiqui

This thread was automatically locked due to age.

Top Replies

emmosophos over 1 year ago +1 verified

Hello, Thank you for contacting the Sophos Community. MAC binding is supported in the Firewall; however, for Remote Access VPN, the Firewall can't bind remote access VPN users with MAC addresses because…

+1 emmosophos over 1 year ago

Hello,

Thank you for contacting the Sophos Community.

MAC binding is supported in the Firewall; however, for Remote Access VPN, the Firewall can't bind remote access VPN users with MAC addresses because the Firewall won't see the Mac address of the device.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel
0 Muhammad Abdullah Siddiqui over 1 year ago in reply to emmosophos

Hi Emmanuel,

Thanks for sharing. we have already performed this, but this doesn't provide us the required results. Further, in live user tab users showing does not contain MAC addresses which might mean that IPsec is not learning MAC addresses?

Regards,

Abdullah
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 1 year ago in reply to Muhammad Abdullah Siddiqui

Hello,

As mentioned, MAC binding isn’t supported for Remote Acess IPsec. This is because the Firewall will never see the original MAC address of the computer attempting to connect.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Muhammad Abdullah Siddiqui over 1 year ago in reply to emmosophos

Acknowledged! I was replying to someone from your team who asked me to configure it by binding MAC address but he deleted his comment. Never mind, thanks for your clarification as wanted to share Sophos team verdict on this matter.
Cancel
Vote Up 0 Vote Down

Cancel