SonicOS: How to control traffic with the help of MAC address from LAN to WAN

08/23/2021 64 19775

DESCRIPTION:

SonicOS: How to control traffic with the help of MAC address from LAN to WAN

RESOLUTION:

Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

Video Tutorial: Click here for the video tutorial of this topic

Resolution or Workaround

With SonicOS Enhanced 3.5 on the Pro Models, SonicWall Inc Introduced Dynamic Address Objects. Dynamic Address Objects come in two types:

- FQDN
- MAC

Dynamic Address Objects are Dynamically Updated. Previous to SonicOS 3.5 , already there existed the ability to create MAC Address Objects, but these could only be used in Wireless MAC Filters. With SonicOS 3.5 and above, MAC Address Objects are Dynamically updated with the corresponding IP Address. With this feature this provides the ability to use MAC Address Objects in Firewall Access Rules.

Follow the below procedure to configure the settings on the sonicwall.

1. Navigate to Manage | Objects | Address object.

   Create an address object with following settings:

      Name: <Computer Name>
      Zone: LAN
      Type: MAC Address
      Address Detail: <MAC address of the computer>

2. Navigate to Manage | Rules | Access Rules.

    Create a firewall access rule for LAN -> WAN with below settings:

       Action: Deny
       Service: <Any>
       Source: <Address object name created in step 1>
       Destination: ANY

With the help of above settings you can control the traffice from LAN -> WAN with computer's MAC address.

Note: Address object can be created with "Type" as MAC address only in SonicOS Enhanced 4.0 and above.

Example:

Address Object:

      Name: ABC
      Zone: LAN
      Type: MAC Address
      Address Detail: 00:60:73:E3:8F:24

Firewall Access Rule:

       Action: Deny
       Service: HTTP
       Source: ABC
       Destination: ANY

Above firewall rule will block HTTP traffic for computer with MAC address specified in ABC address object to internet.

Note: MAC Address Objects are populated based on the SonicWalls ARP Cache. It the MAC Address withthe associated IP address is NOT listed int he ARP Cache, the MAC Address Object will not be resolved to an IP Address.

Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

Video Tutorial: Click here for the video tutorial of this topic

Resolution or Workaround

With SonicOS Enhanced 3.5 on the Pro Models, SonicWall Inc Introduced Dynamic Address Objects. Dynamic Address Objects come in two types:

- FQDN
- MAC

Dynamic Address Objects are Dynamically Updated. Previous to SonicOS 3.5 , already there existed the ability to create MAC Address Objects, but these could only be used in Wireless MAC Filters. With SonicOS 3.5 and above, MAC Address Objects are Dynamically updated with the corresponding IP Address. With this feature this provides the ability to use MAC Address Objects in Firewall Access Rules.

Follow the below procedure to configure the settings on the sonicwall.

1. Create an address object with following settings:

      Name: <Computer Name>
      Zone: LAN
      Type: MAC Address
      Address Detail: <MAC address of the computer>

2. Create a firewall access rule for LAN -> WAN with below settings:

       Action: Deny
       Service: <Any>
       Source: <Address object name created in step 1>
       Destination: ANY

With the help of above settings you can control the traffice from LAN -> WAN with computer's MAC address.

Note: Address object can be created with "Type" as MAC address only in SonicOS Enhanced 4.0 and above.

Example:

Address Object:

      Name: ABC
      Zone: LAN
      Type: MAC Address
      Address Detail: 00:60:73:E3:8F:24

Firewall Access Rule:

       Action: Deny
       Service: HTTP
       Source: ABC
       Destination: ANY

Above firewall rule will block HTTP traffic for computer with MAC address specified in ABC address object to internet.

Note: MAC Address Objects are populated based on the SonicWalls ARP Cache. It the MAC Address withthe associated IP address is NOT listed int he ARP Cache, the MAC Address Object will not be resolved to an IP Address.