I've set up a simple home network (no usernames, etc.) where every approved device has a Static IP (Host) assigned to it and the device's hardware MAC address is assigned to its respective Static IP.
I'm using the UTM for DHCP and the range of Static IPs is placed outside of the range of the DHCP's assignable IPs.
What I'm trying to do is to set up a "DHCP Purgatory", such that only Approved devices can have access to the network and the internet (according to web filtering and firewall rules) and that any Guest IPs are blocked completely until I manually give them a Static IP that's tied to their MAC address. I still want these Guest devices to initially have a temp IP assigned to them, so that I can see who's trying to connect to the network.
I'm trying to prevent unauthorized people from accessing my Wi-Fi and also creative teenagers from creating their own MAC addresses to bypass blocking. I realize that there are workarounds for this by spoofing an "approved" MAC, but for now the real solution of usernames, etc., isn't feasible (grandparents that write their usernames and passwords ON their PC, etc.) :D
Setting up an "Approved" Group of Static IP Hosts is simple enough and so is the manual Firewall rule(s). However, since I'm using Web Filtering, IPS, Country Blocking, etc., the proxies and automatic firewall rules are taking precedence over my manual rules. I suspect that I need some type of Blackhole NAT, but I'm stuck on the specifics of how to set this up.
Any suggestions on how to set this up, or a better way to accomplish what I'm trying to do, would be greatly appreciated.
Thanks,
Ben