
How to change Packets TTL (Time to Live) value in firewall?

Is there a feature in Sophos Firewall to change TTL value of packets so that the authorized users in my network cannot share internet access by creating their personal WiFi Hotspot to connect unauthorized users to access the internet through my network?

Please let me know and help me on this matter. If there is no such feature in Sophos Firewall, then how can we recommend that Sophos add this feature to their firewall as soon as possible?

Thank you so much 



  • Sophos Firewall does not support changing the TTL value of packets to limit internet access to 1 or 2 networks ahead of the firewall. This feature enables control over packet life so that a user cannot share internet access with any other user who would access the internet through the WiFi hotspot of a mobile phone or laptop. Sophos should provide this feature in its firewall, as it is available in the Mikrotik firewall rules in the mangle settings through the postrouting feature. I am already using it through a Mikrotik router behind my Sophos firewall to block users of the network from creating a hotspot on their devices and sharing internet access and bandwidth with unauthorized users.

    Please do something for this requirement.

    Thanks.

  • I am not quite sure I understand what you mean. So you are saying a client is opening a hotspot to your network and tunneling other clients to the network with a MASQ?

    How would a TTL feature prevent this? You are saying that if the TTL exceeds something, then the firewall drops this, as it indicates tunneling?


  • TTL feature drops the packet life to live and prevents it from reaching next devices. Like if I am creating a hotspot WiFi from my mobile device then the packet coming from firewall will have only 1 TTL so I can use it to access internet, but when a device connected to my hotspot the packet TTL cannot reach that device as it only had 1 TTL to my device only. So the 3rd device will not have access to internet via my mobile WiFi hotspot.

    This feature is available in Mikrotik>IP>Firewall>Mangle> New rule> Chain(Postrouting)>Action(Change TTL)>
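
The hop-count behaviour described in this thread, as an added Python simulation (not part of the original posts and not Sophos or MikroTik code). The node names, the incoming TTL of 52 and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    ttl: int


def forward(pkt: Packet) -> Optional[Packet]:
    """IP forwarding rule: decrement TTL and discard the packet if it reaches 0."""
    if pkt.ttl <= 1:
        return None  # a real router would also send ICMP Time Exceeded
    return Packet(pkt.ttl - 1)


def firewall_out(pkt: Packet, set_ttl: Optional[int]) -> Optional[Packet]:
    """Firewall forwards the packet, then (optionally) overwrites its TTL
    on the way out to the LAN, like a postrouting change-TTL rule."""
    out = forward(pkt)
    if out is not None and set_ttl is not None:
        out = Packet(set_ttl)
    return out


def deliver(path: List[str], set_ttl: Optional[int], ttl_in: int = 52) -> Tuple[str, bool]:
    """Send one downstream packet through the firewall and along `path`.
    Every node but the last forwards; the last node is the receiving host.
    Returns (node where the packet stopped, delivered?)."""
    pkt = firewall_out(Packet(ttl_in), set_ttl)
    if pkt is None:
        return "firewall", False
    for node in path[:-1]:
        pkt = forward(pkt)
        if pkt is None:
            return node, False
    return path[-1], True


if __name__ == "__main__":
    # Constructed topologies: direct client, tethered guest, routed LAN segment.
    for path in (["laptop"], ["phone-hotspot", "guest"], ["lan-router", "laptop"]):
        for ttl in (None, 1, 2):
            print(path, "set_ttl =", ttl, "->", deliver(path, ttl))
```

With a routed hop between the firewall and the clients, the rewritten TTL has to be one higher than the number of legitimate hops, otherwise authorized hosts behind that router lose connectivity as well.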

