
About MAC binding in XG210

Hi;

I have the same problem with MAC binding too. I can bind devices (like PCs) by IP, but what about Wi-Fi connectivity or other OSes?

Is there any solution?

Regards,



  • Hi Mandana,

    Can you please provide us more information on this?

    Thanks

  • Hi,

    I want to bind users (PS, laptop, tablet, cellphone ...) by MAC binding in our LAN. I mean that any user can only connect with a specific MAC on defined devices, but I have a problem and the Sophos firewall can't do it. It's OK when I bind them by IP, but how can I do it for Wi-Fi?

    I think MAC binding works only for client-based authentication mechanisms.

    Thanks,

    Mandana

  • Hi Mandana,

    I think you are looking for Spoof Protection for trusted MAC, go to

    Refer the below documents for configurations:

    community.sophos.com/.../123009

    https://community.sophos.com/kb/en-us/123130

    Thanks

    Hi Mandana,

    I have some confusion with your query. Now, in a network you have some issue with MAC binding to a host system, i.e. static DHCP? Now, if your systems have a MAC address you may create a MAC-based firewall rule to allow/deny traffic. But this setup does not require an authentication process. If you are using authentication in your network via XG then you would need to use the Authentication Client, as the MAC address of the system you are authenticating would be forwarded to your XG appliance, and it would not work with Captive Portal.

    Secondly, for your Wi-Fi, please check the traffic via Packet Capture for the traffic through XG. You would need to verify if your Wi-Fi device is in Gateway or Bridge/Access mode. If your Wi-Fi is in Gateway mode, the MAC address of your connected host system would not be forwarded to your XG appliance, so Access mode is preferred in MAC-based filtering.

    If you are not using authentication you may filter your traffic based on MAC-based rules. You may refer to the KB link https://community.sophos.com/kb/en-us/123072. In SFOS there is an option to manage the wireless AP (applicable to Sophos AP); there you may have a MAC list to allow/deny connection to your AP.

    Otherwise, if you want to make a list of trusted MACs to allow traffic through XG, then it would be considered under MAC spoofing, but this would allow connection in an existing MAC in the MAC table. First the MAC will be filtered, then it would be allowed to pass through the role as per the firewall rules.

    Thanks and Regards 

    Aditya Patel | Network and security Engineer.