SonicOS: How to control traffic with the help of MAC address from LAN to WAN
03/26/2020
54
18575
DESCRIPTION:
SonicOS: How to control traffic with the help of MAC address from LAN to WAN
RESOLUTION:
Video Tutorial: Click here for the video tutorial of this topic
Resolution or Workaround
With SonicOS Enhanced 3.5 on the Pro Models, SonicWall Inc Introduced Dynamic Address Objects. Dynamic Address Objects come in two types:
- FQDN
- MAC
Dynamic Address Objects are Dynamically Updated. Previous to SonicOS 3.5 , already there existed the ability to create MAC Address Objects, but these could only be used in Wireless MAC Filters. With SonicOS 3.5 and above, MAC Address Objects are Dynamically updated with the corresponding IP Address. With this feature this provides the ability to use MAC Address Objects in Firewall Access Rules.
Follow the below procedure to configure the settings on the sonicwall.
1. Create an address object with following settings:
Name: <Computer Name>
Zone: LAN
Type: MAC Address
Address Detail: <MAC address of the computer>
2. Create a firewall access rule for LAN -> WAN with below settings:
Action: Deny
Service: <Any>
Source: <Address object name created in step 1>
Destination: ANY
With the help of above settings you can control the traffice from LAN -> WAN with computer's MAC address.
Note: Address object can be created with "Type" as MAC address only in SonicOS Enhanced 4.0 and above.
Example:
Address Object:
Name: ABC
Zone: LAN
Type: MAC Address
Address Detail: 00:60:73:E3:8F:24
Firewall Access Rule:
Action: Deny
Service: HTTP
Source: ABC
Destination: ANY
Above firewall rule will block HTTP traffic for computer with MAC address specified in ABC address object to internet.
Note: MAC Address Objects are populated based on the SonicWalls ARP Cache. It the MAC Address withthe associated IP address is NOT listed int he ARP Cache, the MAC Address Object will not be resolved to an IP Address.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Video Tutorial: Click here for the video tutorial of this topic
Resolution or Workaround
With SonicOS Enhanced 3.5 on the Pro Models, SonicWall Inc Introduced Dynamic Address Objects. Dynamic Address Objects come in two types:
- FQDN
- MAC
Dynamic Address Objects are Dynamically Updated. Previous to SonicOS 3.5 , already there existed the ability to create MAC Address Objects, but these could only be used in Wireless MAC Filters. With SonicOS 3.5 and above, MAC Address Objects are Dynamically updated with the corresponding IP Address. With this feature this provides the ability to use MAC Address Objects in Firewall Access Rules.
Follow the below procedure to configure the settings on the sonicwall.
1. Navigate to Manage | Objects | Address object.
Create an address object with following settings:
Name: <Computer Name>
Zone: LAN
Type: MAC Address
Address Detail: <MAC address of the computer>

2. Navigate to Manage | Rules | Access Rules.
Create a firewall access rule for LAN -> WAN with below settings:
Action: Deny
Service: <Any>
Source: <Address object name created in step 1>
Destination: ANY
With the help of above settings you can control the traffice from LAN -> WAN with computer's MAC address.
Note: Address object can be created with "Type" as MAC address only in SonicOS Enhanced 4.0 and above.
Example:
Address Object:
Name: ABC
Zone: LAN
Type: MAC Address
Address Detail: 00:60:73:E3:8F:24
Firewall Access Rule:
Action: Deny
Service: HTTP
Source: ABC
Destination: ANY
Above firewall rule will block HTTP traffic for computer with MAC address specified in ABC address object to internet.
Note: MAC Address Objects are populated based on the SonicWalls ARP Cache. It the MAC Address withthe associated IP address is NOT listed int he ARP Cache, the MAC Address Object will not be resolved to an IP Address.