Allow MAC address in Security Policy
pentasoft_albe
Hello,
I would like to propose the possibility to create security policies in Nebula based on MAC address, as the IP-based ones are easily bypassed.
In a scenario where I want to block, for example, YouTube for a specific client, the client just changes IP and bypasses the rule.
Thanks
Comments
In your application scenario, we suggest you configure IP/MAC binding settings in the Static DHCP table.
Then create a security policy so that this IP address is blocked by a security profile (Content filter, App patrol).
Thank you @Zyxel_Jeff for your answer, but this is not a definitive solution that can be applied to all scenarios. Of course it can be used in contexts where there are few clients, but in a context where it is possible to reserve only a few IPs and there are several machines that alternate, it becomes impractical and very time-consuming. And if the owner of the client with the MAC xx.xx.xx.xx.xx.xx changes the IP address by hand, the rule does not work. The right answer to this problem is to be able to apply the rule directly on the MAC, and not to assign an IP address to a specific MAC and then apply the rule. I hope that this will be taken into account because it is particularly important, at least for me. Sorry for my bad English.
And what's stopping the client from changing their MAC? Same problem. I mean, OK, I like the idea of doing firewall by MAC...
Another way is to get a switch with DAI (Dynamic ARP Inspection). This forces all clients to do DHCP to get an IP, meaning changing the IP does not allow access, so IP/MAC binding works... until the user changes the MAC, of course.
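The behaviour discussed in the comments above, as an added example that is not part of the thread and is not Zyxel or Nebula code: a toy Python model of a static DHCP reservation, a snooped lease table and a DAI check, with an IP-keyed policy on top. The MAC addresses, IPs, port name and all class and function names are constructed for illustration, and the binding table is simplified to one lease per port.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    port: str

class Switch:
    """Toy model of DHCP snooping plus Dynamic ARP Inspection (hypothetical)."""
    def __init__(self, reservations, pool):
        self.reservations = reservations  # static DHCP table: MAC -> reserved IP
        self.pool = list(pool)            # addresses handed to unknown MACs
        self.bindings = {}                # snooped leases, simplified: port -> Binding

    def dhcp_ack(self, mac, port):
        """Record the lease the DHCP server hands out on this port."""
        mac = mac.lower()
        ip = self.reservations.get(mac) or self.pool.pop(0)
        self.bindings[port] = Binding(mac, ip, port)
        return ip

    def arp_permitted(self, sender_mac, sender_ip, port):
        """DAI: forward an ARP packet only if it matches the snooped lease."""
        b = self.bindings.get(port)
        return b is not None and b.mac == sender_mac.lower() and b.ip == sender_ip

BLOCKED_IPS = {"192.168.1.50"}  # constructed: security policy keyed on the reserved IP

def policy_blocks(ip):
    return ip in BLOCKED_IPS

def demo():
    sw = Switch({"aa:bb:cc:00:00:01": "192.168.1.50"},
                ["192.168.1.100", "192.168.1.101"])
    out = {}
    # Client uses DHCP: it gets the reserved IP, which the policy covers.
    ip = sw.dhcp_ack("AA:BB:CC:00:00:01", "port3")
    out["lease"] = ip
    out["policy_on_lease"] = policy_blocks(ip)
    out["arp_lease"] = sw.arp_permitted("aa:bb:cc:00:00:01", ip, "port3")
    # Client sets an address by hand: DAI drops its ARP, so it gets no access.
    out["arp_manual_ip"] = sw.arp_permitted("aa:bb:cc:00:00:01", "192.168.1.77", "port3")
    # Limit raised in the thread: a different MAC gets a pool lease outside the policy.
    ip2 = sw.dhcp_ack("aa:bb:cc:00:00:99", "port3")
    out["lease_new_mac"] = ip2
    out["policy_on_new_mac"] = policy_blocks(ip2)
    return out

if __name__ == "__main__":
    print(demo())
```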
Hi @PeterUK
Changing the MAC address is not as easy as changing the IP, but yes, with your solution we have strong authenticity of the client, which means introducing more hardware and configuration.
Taking your example, I think even more that this possibility is almost an obligation to be included in Nebula, because you have undergone a system that in any case significantly increases the capacity for action.
For those who have the possibility, the system you described (which I did not know) greatly increases the security of clients accessing the system.
Sorry for my English