Allow MAC address in Security Policy
edited August 2022 in Nebula Ideas
Hello, I would like to propose the possibility of creating security policies in Nebula based on MAC address, as the IP-based ones are easily bypassed.
In a scenario where I want to block, for example, YouTube for a specific client, the client just changes its IP and bypasses the rule.
In your application scenario, we would suggest that you configure IP/MAC binding settings in the Static DHCP table.
Then create a security policy to define that the IP address would be blocked by a security profile (Content filter, App patrol).
Thank you @Zyxel_Jeff for your answer, but this is not a definitive solution that can be applied to all scenarios. Of course it can be used in contexts where there are few clients, but in a context where it is possible to reserve only a few IPs and there are several machines that alternate, it becomes impractical and very time-consuming. And if the owner of the client with the MAC xx.xx.xx.xx.xx.xx changes the IP address by hand, then the rule does not work. The right answer to this problem is to be able to apply the rule directly on the MAC, and not to assign an IP address to a specific MAC and then apply the rule. I hope that this will be taken into account because it is particularly important, at least for me. Sorry for my bad English
PeterUK Posts: 1,870
And what's stopping the client from changing their MAC? Same problem. I mean, OK, I like the idea of doing firewall by MAC....
Another way is to get a switch with DAI (Dynamic ARP Inspection); this forces all clients to do DHCP to get an IP, meaning changing the IP does not allow access, so IP/MAC binding works... until the user changes the MAC, of course.
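The DAI behaviour described in the post above, as an added example that is not part of the original thread and not Zyxel code: a simplified model of a switch that learns MAC/IP/port bindings from DHCP and checks ARP packets against them. The class and function names, MAC addresses, IPs and port names are all constructed for illustration.

```python
# Simplified model of DHCP snooping + Dynamic ARP Inspection (DAI) on one switch.
# Real DAI inspects ARP only and also tracks the VLAN; this sketch omits both details.
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: str


class DaiSwitch:
    def __init__(self):
        self.bindings = {}  # ip -> Binding, learned from DHCP ACKs only

    def dhcp_ack(self, mac, ip, port):
        """DHCP snooping: record the lease the DHCP server handed out."""
        mac = mac.lower()
        # A client holds one lease per port: forget its previous one.
        self.bindings = {i: b for i, b in self.bindings.items()
                         if (b.mac, b.port) != (mac, port)}
        self.bindings[ip] = Binding(mac, ip, port)

    def inspect_arp(self, sender_mac, sender_ip, port):
        """DAI: forward an ARP packet only if it matches a snooped binding."""
        b = self.bindings.get(sender_ip)
        if b is None:
            return "drop: no DHCP binding for " + sender_ip
        if b.mac != sender_mac.lower():
            return "drop: MAC mismatch for " + sender_ip
        if b.port != port:
            return "drop: wrong port for " + sender_ip
        return "forward"


def demo():
    sw = DaiSwitch()
    # Constructed sample leases: the restricted client and a second client.
    sw.dhcp_ack("AA:BB:CC:00:00:01", "192.168.1.50", "port3")
    sw.dhcp_ack("AA:BB:CC:00:00:02", "192.168.1.60", "port4")
    return [
        sw.inspect_arp("aa:bb:cc:00:00:01", "192.168.1.50", "port3"),  # leased address
        sw.inspect_arp("aa:bb:cc:00:00:01", "192.168.1.99", "port3"),  # hand-set, never leased
        sw.inspect_arp("aa:bb:cc:00:00:01", "192.168.1.60", "port3"),  # hand-set, leased to another client
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The binding is keyed on the MAC the client presents during DHCP, so the check is only as strong as that MAC, which is the limit raised in the post above.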
Changing the MAC address is not as easy as changing the IP, but yes, with your solution we have a strong authenticity of the client, which means introducing more hardware and configuration.
Taking your example, I think even more that this possibility is almost an obligation to be included in Nebula, because you have undergone a system that in any case significantly increases the capacity for action.
For those who have the possibility, the system you described (which I did not know) greatly increases the security of clients accessing the system.
Sorry for my English