Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 40 subscribers
  • Views 3802 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to change Packets TTL (Time to Live) value in firewall?

Dev Sky

Is there a feature in Sophos Firewall to change TTL value of packets so that the authorized users in my network cannot share internet access by creating their personal WiFi Hotspot to connect unauthorized users to access the internet through my network?

Please let me know and help me on this matter. If there is no such feature in Sophos Firewall then how can we recommend the Sophos to add this feature in their firewall as soon as possible.

Thank you so much 



This thread was automatically locked due to age.
Parents
  • 0

    Sophos Firewall does not support changing TTL value of Packets to limit internet access to 1 or 2 networks ahead of Firewall. This feature enables the control over packet life so the user cannot share the internet access to any other user which can access internet through WiFi Hotspot of mobile phones or laptops. Sophos should provide this feature in it's firewall as it is available in Mikrotik Firewall rule in mangle settings through postrouting feature as I am already using it through mikrotik router behind my Sophos firewall to block users of network to create Hotspot in their devices and share internet access and bandwidth to unauthorized users.

    Please to something for this requirement.

    Thanks.

  • 0 in reply to Dev Sky

    I am not quite sure, i understand what you mean. So you are saying, a client is opening a hotspot to your network and tunnel other clients to the network with a MASQ?

    How would a TTL feature prevent this ? You are saying if the TTL exceed something, then the firewall drops this, as it indicates a tunneling ?

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    TTL feature drops the packet life to live and prevents it from reaching next devices. Like if I am creating a hotspot wifi from my mobile device then the packet coming from firewall will have only 1 TTL so I can use it to access internet, but when a device connected to my hotspot the packet TTL cannot reach that device as it only had 1 TTL to my device only. So the 3rd device will not have access to internet via my mobiel wifi hostspot.

    This feature is available in Mikrotik>IP>Firewall>Mangle> New rule> Chain(Postrouting)>Action(Change TTL)>

Reply
  • 0 in reply to LuCar Toni

    TTL feature drops the packet life to live and prevents it from reaching next devices. Like if I am creating a hotspot wifi from my mobile device then the packet coming from firewall will have only 1 TTL so I can use it to access internet, but when a device connected to my hotspot the packet TTL cannot reach that device as it only had 1 TTL to my device only. So the 3rd device will not have access to internet via my mobiel wifi hostspot.

    This feature is available in Mikrotik>IP>Firewall>Mangle> New rule> Chain(Postrouting)>Action(Change TTL)>

Children
No Data
Unfiltered HTML