NetExtender client MAC
Hello everybody,
how to setup log setting in order to get the MAC address of the computer on which sonicwall netextender is installed. The goal is to prepare a group of "authorized MAC addresses"and set up an access rule assigned to SSLVPN zone from authorized MAC to internal LAN zone.
setting up the event ID 1080 did not help to show the source MAC of client PC
Best Answers
-
CORRECT ANSWER
BWC
Cybersecurity Overlord ✭✭✭
MAC addresses are Layer 2, SSL-VPN is on Layer 3. You cannot block based on MAC address when coming from the WAN.
—Michael@BWC
0 -
CORRECT ANSWERBWC
Cybersecurity Overlord ✭✭✭
There are some shortcomings for SSL-VPN (no Wireguard, no fail2ban, …) and not being able to allow only authorized Endpoints is one of them. You just cant limit access to SSL-VPN on SonicOS at the moment, and I fear this will never change, because all roads are heading to Cloud Secure Edge for SNWL.
The SMA (100 or 1000 series) can do what you need, but 100 series is near EoL and 1000 series comes with a hefty price tag.
—Michael@BWC
0 -
CORRECT ANSWER
Arkwright
Community Legend ✭✭✭✭✭
Global VPN Client supports certificate authentication. I am not actually 100% sure that this solves your problem, but I think that it does because nobody can "just have" a certificate in the same way they can "just have" a username and password.
1
Answers
Dear Michael,
then what is the way only authorized PCs i.e. known MACs to connect to Sonicwall? Othwerwise any computer with ssl client installed with valid user and password can do that.