Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 1324 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Static mapping physical address with user account on Sophos

VuHuynh

I have a Sophos SG210 UTM. We are currently using the SSL VPN client, which can be downloaded from the user portal onto any computer. My manager doesn't like the fact that someone can install the VPN client on their personal computer.

I have a full list of Mac address (ex: 58-8A-5A-1E-E4-27) of domain computers. How to mapping the Mac address with VPN users that creating on Sophos? My target is the VPN SSL access that would only be from domain computers (available in known Mac address list)

Please give me some advice and any options supported by Sophos that would accomplish this.

Thanks in advance,
Best regards,
Vu



This thread was automatically locked due to age.
Parents
  • 0

    Chào Vu,

    Someone here may correct me if I'm wrong, but I don't think the local MAC address of a remote user is available in the packets that arrive until the user is connected via VPN, so I don't think what you want to do is possible.

    You might be able to harvest the username and MAC with a packet capture and then warn people using a personal computer to uninstall the client from their personal device or face punishment.

    There are other remote access tools that check for the presence of an "approved" stamp or a specific anti-virus, but those require not allowing users to be administrators of the company-owned device.  None of the Sophos Remote Access tools include the ability to use this technique.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0

    Chào Vu,

    Someone here may correct me if I'm wrong, but I don't think the local MAC address of a remote user is available in the packets that arrive until the user is connected via VPN, so I don't think what you want to do is possible.

    You might be able to harvest the username and MAC with a packet capture and then warn people using a personal computer to uninstall the client from their personal device or face punishment.

    There are other remote access tools that check for the presence of an "approved" stamp or a specific anti-virus, but those require not allowing users to be administrators of the company-owned device.  None of the Sophos Remote Access tools include the ability to use this technique.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML