Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 2351 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

When MAC Filtering is enabled, clients with correct password but not on the Whitelist are not appearing in system logs when attempting to connect to the wireless network

alan weir

SFOS 19.5.1

I have wireless protection enabled in SFOS using a Sophos AP. I recently created an MAC host group with a whitelist of MAC addresses of devices that can connect to the wireless network. Recently an Android device that was previously authenticated and allowed to access the wifi network was not added to this MAC address whitelist and does not appear in the system log at all as failed authentication. There is literally no log anywhere of this device as it is attempting to connect to the network using the correct password.

I am at a loss to figure out where the log is that shows the device not authenticating due to not being on the whitelist, and it's MAC address.

EDIT: It isn't until I switch MAC Filtering from Whitelist to None, that the device connects and the DHCP status of it it is renew in the system log.

Then, enabling Whitelist again reproduces the issue; the device not not appear in the system or authentication logs as any authentication error or failed DHCP lease and does not connect to the wi-fi network.



This thread was automatically locked due to age.
  • 0

    Going through the Log settings, it looks like SFOS does not support Wireless logs as the options remains disabled even after enabling it.

  • 0 in reply to alan weir

    Hello Allan

    Good day and thanks for reaching out to Sophos Community

    Could you share if you are able to generate Wifi authentication log on SF: wc_remote.log. To filter logs only from an AP you can re-direct all the log files in to new file in the /tmp directory. In this example AP serial number is: P52001694HYY903.

    On Advance shell:

    cat wc_remote.log | grep P52001694HYY903 > /tmp/P52001694HYY903.text

    Then, to read the log files in the /tmp file use the cat or less command. File the output using MAC address.

    less /tmp/P52001694HYY903.text

    Kindly let us know of the outcome. Many thanks for your time and patience and thank you for choosing Sophos

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
    Sophos Support Videos Product Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.

  • 0

    A lot of modern Android devices default to using ramdom MAC addresses.
    Did you check that this specific device uses the device MAC?

     
    SFVH (SFOS 20.0.0 GA-Build222) - Last (re)boot on November 6th  2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]
  • 0 in reply to Peter-Paul Gras

    The device is set to use it's hard-coded MAC. A post from a few years ago states the wireless log was no longer included since XG version 16. Most likely I will attempt to try Sophos Central wireless anyways after I try the advanced shell option above first.

Unfiltered HTML