I am searching around here for hours but can't find an Answer.
I Have a Bridge to LAN Wi-Fi with wpa2 full length random letters and numbers Password. Today I saw the DC`s DHCP has leased an IP to an unknown device.
MAC 12:11:23:4b:40:86 Name A30-von-Nalan (I think Samsung A30 but mac seems to be virtual) I don't know anyone with this Name.
Device is not longer online (can't ping it or something) Lease time 8days lease ends 27th NOV so it was active at the 19th
witch are actual in Wi-Fi. NO RESULTS for Connect or Disconnect events just firewall rules !!! So I googled around and found this:
Ok Going there, I see only actual connect activities but no log for 3day old activities.
Can this be true that there is no log functionality for Wi-Fi access and no warning function for random connection attempts with wrong Wi-Fi passwords or something or new connection from first time mac addresses??
I mean bought new APs for 2500 € and can't believe this essential security feature is nowhere? (UTM had it)
Do the APs log that events internal and how do I get those?
So Please help me! Looks like I am to stupid for this.
Thank U for reading and answers.
I can confirm that I have not found anything to create log files.
I also miss the possibility for wireless via Sophos Central, to banish equipment or even create filters. This is standard with every Fritzbox standard, but apparently not possible with Sophos.If someone has a solution for this, for example, one needs another tool or a firewall, so I would be grateful for an answer.
Hi, I have found a way to block devices based on MAC address on wifi.Log in to Sophos CentralWirelessSSIDsselect the SSID in which the device appearedAdvanced settingsSecurityMAC Filtering (at the bottom)None" is selected by default, but you can select "List Blocked" or "List Allowed" and then allow or block devices based on the MAC.After editing, do not forget to click on "Save" in the top right-hand corner.
Maybe it will help one or the other.
Translated with www.DeepL.com/Translator