how can I control new computers connect to zywall

lechulysy
lechulysy Posts: 5  Freshman Member
First Comment
edited April 2021 in Security

I use Zywall 110.

After connecting a new computer to zywall (no MAC in IP/MAC Binding table) I would like to receive a notification (e.g. via email). If it is possible? If not how can I block this computer to "see" LAN?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,385  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited December 2019

    Hi @lechulysy,

    When a new computer is connected and get IP from ZyWALL, since the log for DHCP is not categorized as an "Alert" log, ZyWALL won’t send an email notification when a new computer is connected.

    Do you let unknown computers to access Internet only but not to access lan resource/server? 

    You can assign another interface such as lan2 for unknown computers and add a security policy rule as follows.

    From LAN2, To LAN1, Action: deny, Log alert

  • lechulysy
    lechulysy Posts: 5  Freshman Member
    First Comment

    Sometimes the user connects his "home" computer in the office. I need to know that it happened and not allow him access to the LAN, WAN etc. Normaly the new computer has been assigned IP address from "deny" range (this range has set special rules on firewall) but it not works for LAN of course.

  • jasailafan
    jasailafan Posts: 193  Master Member
    5 Answers First Comment Friend Collector Sixth Anniversary

    I guess you need the function called 802.1x port security which is implemented on switch.

    Is it the scenario you need?

    https://businessforum.zyxel.com/discussion/1565/is-there-a-way-to-configure-802-1x-mac-based-on-a-gs1920

  • lechulysy
    lechulysy Posts: 5  Freshman Member
    First Comment

    your right, but I was hoping to do this on the router :)

  • lalaland
    lalaland Posts: 90  Ally Member
    First Answer First Comment Friend Collector Sixth Anniversary

    Firewall/Router is working on layer 3~layer7. e.g. web authentication.

    As for your requirement, it need to restrict on layer 2 switch to avoid unknown device access to office network.

Security Highlight