Hi, all. Is there any way to restrict remote access user by MAC address?

Question

Hi, all. We have settings that our users can use VPN (remote access (SSL) ) to access our internal network. 
 Now, we want to restrict that only designated devices are allowed to do that. Means, public PCs will not be allowed to access our internal network even if the VPN connection was established. 
 
 We have created a MAC list under "Network definitions", and apply this list to the firewall rule. The thing is, after applying the mac addresses list to the rule, all connections from that VPN user were failed even if we have added the Mac addresses of all NICs on that device. If not applying the mac list, the network went back to normal. 
 
 Any answer will be highly appreciated. 
 
 Thanks.

DouglasFoster · Answer

MAC addtesses are discarded in transit. That is the diffetence betwern LAN and WAN. 
 You want a Network Access Control (NAC) product. UTM does many things, but not that.

LuCar Toni · Answer

Sophos XG with Synchronized Security can deliver your requirements. 
 https://community.sophos.com/kb/en-us/132526 
 Basically all clients can install and start the tunnel. But only with a Sophos Endpoint on the client, you can communicate to your facilities.