This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Block host from network

Advanced threat protection has found a threat. Upon further investigation I believe this host is rogue. Can I block this host from my network, or create a rule to deny all network traffic? I am not looking for just internet traffic, but all network traffic. Better yet, block the MAC address completely.

This thread was automatically locked due to age.

0 ThorstenSeiler over 8 years ago

As long as the client ist connected directly on a Port of your UTM or indirectly insolated via a VLAN, the client will be able to communicate witth the whole network (i.e. other internal clients or servers). The only solution to this is unplugging the network cable of the client or if you have a managed switch to disable the specific port.

With Sophos XG and Central managed Antivirus (with Heartbeat) the client will be disconnected automatically by the systems local AV-Client (if I understood the Heratbeat-Concept correctly...)

Regards,

Thorsten

---------------------------------------------------------------------

Using Sophos XG or UTM with Wifi Hotspot and Password of the Day?
Try our FREE Password of the Day APP!

For Sophos UTM
Apple iOS: http://apple.co/1YzD2vU
Google Android: http://bit.ly/23ELyRq For Sophos XG
Apple iOS: https://appsto.re/de/aZjTdb.i
Google Android: http://bit.ly/2bbimf1
Cancel
Vote Up 0 Vote Down

Cancel

Block host from network

Submitted a Tech Support Case lately from the Support Portal?