
Require help on MAC based restriction + VPN through DYDNS address

Hi,

I'm using the Sophos XG105 at home, and am not very technical. I wish to do the following:

 

1. Set up MAC based restriction so that only registered MAC addresses can access the internet. From my little research, I found out that if there's a switch (in my case a Cisco unmanaged switch) or router between the Sophos and the clients, the MAC address restriction doesn't work. I tried to add MAC hosts, and then add it to the firewall rule under 'Source Network and Devices' under LAN, but the clients are disconnected from the internet then. 

 

2. Set up a L2TP VPN connection, which uses DYDNS host name. My ISP gives a dynamic IP, hence I have created the DYDNS entry, and created the L2TP VPN connection, but the issue is how to link the DYDNS host to the VPN so that I can access it from outside the network. 

 

3. Just wondering if instead of the IP address used to log into the Sophos UTM from within LAN, I can use a domain name like www.firewall.com:4444. If yes, some help would be greatly appreciated. 

 

4. Need help to create 2 networks, one for guests and one for Registered users, so that guests are isolated from the LAN, and can only access the internet, as per the policy set for them. 

 

Cheers!



This thread was automatically locked due to age.
  • Hi,

    1. Set up MAC based restriction so that only registered MAC addresses can access the internet. From my little research, I found out that if there's a switch (in my case a Cisco unmanaged switch) or router between the Sophos and the clients, the MAC address restriction doesn't work. I tried to add MAC hosts, and then add it to the firewall rule under 'Source Network and Devices' under LAN, but the clients are disconnected from the internet then.

    Ans: This MAC restriction will not work if your switch is working in L3 mode (routing). As this is a home setup, you may have only an unmanaged or Layer 2 switch, so there is no problem. This feature will work. Read this feature guide and try again:

    https://community.sophos.com/kb/en-us/123072

     

    2. Set up a L2TP VPN connection, which uses DYDNS host name. My ISP gives a dynamic IP, hence I have created the DYDNS entry, and created the L2TP VPN connection, but the issue is how to link the DYDNS host to the VPN so that I can access it from outside the network. 

    Ans: There is no special configuration for L2TP over DYDNS. You only have to configure the L2TP remote access VPN, and then the DYDNS address is added on the client machines.

    How to configure L2TP VPN: https://community.sophos.com/kb/en-us/125446

    How to configure Win10 as a client: https://community.sophos.com/kb/en-us/132253 (add the DYDNS address under the "Server name or address" option)

     

    3. Just wondering if instead of the IP address used to log into the Sophos UTM from within LAN, I can use a domain name like www.firewall.com:4444. If yes, some help would be greatly appreciated. 

    Ans: Yes, you can do it. Allow HTTPS over the WAN interface, and then you can use the DYDNS address from both the LAN and the WAN to log in to the firewall.

     

    4. Need help to create 2 networks, one for guests and one for Registered users, so that guests are isolated from the LAN, and can only access the internet, as per the policy set for them. 

    Ans: Are you on the Sophos WIFI? Do you have any manageable switch? Share that information so I can help you more on this option.

     

     

     

  • Item 3 only works if you have an active internet connection.

    Ian