Blocking Randomized MAC
Hi,
Is there a way to block devices using randomized MAC addresses in Zenarmor?
Thanks,
AR
-
Official comment
Hi @AR, that should be possible with Device Access Control - Blocking unauthorized devices.
Please see this document:
Comment actions -
Hi Matt,
Thanks, I've looked at that but it doesn't do what I need.
I'm not looking to whitelist every devices as this would be very time consuming to maintain and require intervention with every visitor's device.
I'd just to like exclude any device using a randomized MAC address to be blocked. Using randomised MAC is an effective way of by passing Policies set in place for known devices.
Thanks.
-
Thanks for the update Matt.
I can see this being used in our commercial environment but where it will really shine, is in the home environment for parental control.
This essentially would prevent kids using randomized MACs to by pass filtering while still allowing visitors internet access without having to manually set each device as trusted.
Thanks
-
I've noticed that you can now see if a device is using a randomized MAC address - this is flagged against a device.
This is fine but has very little benefit on its own. Any action taken against such device is still manual and not system wide. Which means having to intervene every time a new device connects.
To make this a useful feature, there needs to be an option to block/restrict such devices in Policy settings.
-
I understand how trusted and untrusted devices work. And this doesn't cover the issue of randomized MACs.
You have the ability to identify randomized MACs - so why not allow blocking without manual intervention?
I don't want to logon to Opnsense every time I have a visitor.
If I have visitors, all they they need to do is turn off randomized MAC to get access.
If they use randomized MAC then no access. It's a very simple request.
Please pass this on to the developers.
Please sign in to leave a comment.
Comments
8 comments