Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 8977 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I assign users/groups based on MAC addresses?

Pickle Rick

Basically in my Sophos XG17 firewall rules I have the option to MATCH IDENTITY per firewall rule and I would like to group specific devices via MAC addresses and then assign them to those specific firewall rules.  How do I go about doing that?



This thread was automatically locked due to age.
  • 0

    Don't think you can do it from the GUI, maybe the CLI.

    The only other way is to assign a static IP address to a MAC and add that the address to a clientless group.

    ian

  • 0

    Hi,

     Your requested feature for user and mac binding is not supported as of now,

    But it's coming as part of synchronized security with Sophos central Endpoint, with lateral movement control as well.

    Wait for coming SFOS builds.

    Regards,

     

  • 0 in reply to Myth-M

    But, not for home users?

    Ian

  • 0 in reply to Myth-M

    I assume that home users are unable to get on Sophos Central Endpoint or at least be able to purchase a lite version of more advanced security like the Untangle $50 model?

     

    I fully understand that XG firewall is meant for enterprise but honestly the days of enterprise only requirement are numbered, users are no longer safe just behind their NAT, not with IoT taking over the home infrastructure.  Thus, a company like this should divert and honestly look into supporting the home market some more...follow the Untangle Example or the Norton NextGen home firewall example.   The only reason I am not running Untangle right now is because I am too lazy to change everything....I have just recently changed from UTM 9.5, but honestly as things stand right now, a one lazy weekend it's all it will take.  

  • 0 in reply to Pickle Rick

    Hi,

    you can always create a feature request and then post the link here for others to be aware and support you.

    Ian

  • 0

    It's not hard, though it's a little time consuming. Basically you have to go to Network>DHCP>your dhcp server and on static mac mapping add the name, mac and static ip you want. Then you go to authentication, clientless users and add one with the same ip. Enjoy a cold beer(unless you have more work to do, beers and IT do not end well)

     

    The name you added on the clientless will be the one you will filter through the firewall