TZ-370; Block Internet Traffic for Certain MAC Addresses
TZ-370, SonicOS 7.0.1-5111
Long ago, I created an address group that contains a dozen or so MAC addresses of computers.
I also created a fqdn address group of the sites that those PCs are allowed to go to.
I created a LAN to WAN rule, Source, the MAC address group, and the fqdn group for Destination, Allow.
I create another LAN to WAN rule, Source, MAC address group, and Any, Deny.
If the traffic is from one of those MAC addresses, and it's one of the sites on the fqdn list, it should be allowed.
If not, it goes on to the next rule, which should deny Internet access.
This worked when I first set it up, but now I have added a MAC address to the group, and the original PCs in the group are still blocked, but the new MAC address can go anywhere it wants.
I have edited and saved the lists in the groups, enabled/disabled the firewall rules, but nothing works.
What am I doing wrong? This should be so simple.