Greetings. I'm in the process of deploying a brand new Sophos UTM (v9.310-11) with three AP100s to give our office good wifi coverage.
I've decided to implement MAC address filtering, just to discourage my users from sharing our WPA2 PSK with office guests rather than requiring them to get a hotspot voucher. I'd rather that wifi devices using our network (which is bridged to our internal LAN) are approved devices only (whether they be work or personal devices), and MAC filtering is enough of a pain to work around that it keeps our users from trying to circumvent this intention. I'm aware that users could change their MAC on many devices, but most won't and the overall security will be somewhat increased.
That said, I'm having trouble with the implementation. It seems supported well enough in this UTM version. I've set the Wireless Network for MAC filtering type "whitelist" and then defined a MAC address list for approved devices' MAC addresses.
Where I'm running into a problem is that once I've added a new MAC address to my whitelist, they are still blocked from connecting to the wifi. It's as though the Wireless Protection rules didn't read the updated whitelist. They will still have their authentication rejected with reason="not whitelisted". The only workaround to this that I've found is to go and disable that wireless network, wait a little bit, then re-enable it. That seems to force Wireless Protection to re-read the MAC address whitelist and start letting the new address in. This isn't really an acceptable solution though, as turning off the wireless network periodically to update the whitelist is highly disruptive.
Am I doing something wrong, or is there an alternate fix for this behaviour?
Thanks,
Frank
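Added example, not part of Frank's post and not Sophos UTM code: a Python script for the situation described above. Before concluding that the access points are running a stale copy of the whitelist, it is worth checking two cheaper explanations: that every whitelist entry is a well-formed MAC address, and that the addresses being rejected are really the ones that were added (whitelists are often entered in mixed notations such as `00-11-22-AA-BB-CC` or `0011.22aa.bbcc`, and a comparison done without normalizing them fails in exactly this way). The script normalizes the whitelist, scans log lines for the reason="not whitelisted" rejection, and sorts rejected clients into "listed but still rejected" (the stale-list symptom) and "genuinely unlisted". The whitelist and the log lines are constructed for the example; the log line layout is an assumption modelled on hostapd, and only the reason="not whitelisted" text comes from the post.

```python
import re
from typing import Dict, Iterable, List, Set

# Constructed sample whitelist in the mixed notations an administrator
# might type into a MAC address list (colon, hyphen, Cisco dotted).
WHITELIST = [
    "00:11:22:aa:bb:cc",
    "00-11-22-AA-BB-DD",
    "0011.22aa.bbee",
]

# Constructed log lines. The layout is a hostapd-style assumption, not the
# actual UTM log format; only reason="not whitelisted" is taken from the post.
LOG_LINES = [
    'wlan0: STA 00:11:22:aa:bb:cc IEEE 802.11: authentication rejected reason="not whitelisted"',
    'wlan0: STA 00:11:22:AA:BB:DD IEEE 802.11: authentication rejected reason="not whitelisted"',
    'wlan0: STA 66:77:88:99:aa:bb IEEE 802.11: authentication rejected reason="not whitelisted"',
    'wlan0: STA 00:11:22:aa:bb:ee IEEE 802.11: associated',
]

REJECT_MARKER = 'reason="not whitelisted"'

# Matches colon/hyphen-separated and Cisco dotted MAC notations, any case.
MAC_RE = re.compile(
    r'(?i)\b([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\b'
)


def normalize_mac(mac: str) -> str:
    """Return the address as 12 lowercase hex digits in colon notation.

    Raises ValueError for anything that is not exactly 12 hex digits once
    separators are stripped, so a typo in the whitelist is caught up front.
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_whitelist(entries: Iterable[str]) -> Set[str]:
    """Normalize every whitelist entry so lookups do not depend on notation."""
    return {normalize_mac(entry) for entry in entries}


def classify_rejections(log_lines: Iterable[str], whitelist: Set[str]) -> Dict[str, List[str]]:
    """Split clients rejected as 'not whitelisted' into two buckets.

    'stale'    - the address is in the (normalized) whitelist but was still
                 rejected: the symptom Frank describes.
    'unlisted' - the address really is absent from the whitelist.
    """
    result: Dict[str, List[str]] = {"stale": [], "unlisted": []}
    for line in log_lines:
        if REJECT_MARKER not in line:
            continue
        match = MAC_RE.search(line)
        if not match:
            continue
        mac = normalize_mac(match.group(1))
        bucket = "stale" if mac in whitelist else "unlisted"
        if mac not in result[bucket]:
            result[bucket].append(mac)
    return result


if __name__ == "__main__":
    approved = load_whitelist(WHITELIST)
    report = classify_rejections(LOG_LINES, approved)
    for bucket, macs in report.items():
        print(f"{bucket}: {', '.join(macs) or '(none)'}")
```

If the "stale" bucket is non-empty after normalization, the whitelist content is not the problem and the behaviour really is the access points not picking up the updated list; if everything lands in "unlisted", compare the entry you added against the address the client actually presents (some devices randomize or use a different MAC per SSID).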