USG 1000 block by mac address

mm_bret
edited April 2021 in Security
I have a PC or device on my network which I don't recognize.
I'm not able to go to the physical location.
How can I block this device from connecting to my LAN?

We have DHCP set up on the router.
All ideas appreciated.
Bret

All Replies

  • PeterUK

    The USG can't block by MAC so you have two options:

    1. Get a managed switch and ACL by MAC.

    2. Use the IP/MAC Binding in the USG to give the MAC a fixed IP you can block in the firewall.


  • mm_bret
    Peter,
    I have a managed switch, so I'll investigate that option.
    Regarding the IP/MAC binding, I was playing with that on a local USG 1000 in my office, and locked myself out of the router. Luckily I had backed up my startup-config and recovered nicely.
    However I couldn't figure out how to block in the firewall.
    Should I create an address using Objects, then use that object name in the firewall?

    Thanks again for your input.


  • PeterUK
    edited September 2020

    "Should I create an address using Objects, then use that object name in the firewall?"

    Yes, but you need the IP/MAC binding to make that MAC be fixed to an IP.

    Doing it by managed switch would stop the MAC getting an IP, but if it changes its MAC it would be allowed again; even if not, they can set a fixed IP and have access to the subnet.

    Do you know if the device on your network is connected to a switch port?
