How to "Deny" a device in DHCP on SonicWall TZ 500

I had this question after viewing Sonicwall - View all DHCP clients connected.

I have a sonic wall tz500 and am wondering why I cannot "deny" a connection from a device that I keep seeing on DHCP. How can I do this? Why wouldn't a firewall have that ability?
mike mikkksAsked:

masnrockCommented:
Here's an old article discussing a way to block by MAC address from getting access to the internet: https://www.experts-exchange.com/questions/24398471/Blocing-MAC-Address-on-a-Sonicwall.html

If you have managed switches, you should be able to track down the device by port.

Now if your question is why can't a Sonicwall block the DHCP requests from said device? It's not designed to. But that is something you can usually do within a managed switch.
Blue Street TechLast KnightCommented:
Hi Mike,

First you should know that this is a symptom. Meaning verify why this rogue computer has access to your LAN in the first place because truly blocking a computer is not really possible in any system unless you are authenticating the session/connection. I say this because you can easily circumvent IP & MAC filtering and even a neophyte can do this with the advent of Random Hardware Addressing without even knowing how to set it up. IP address filtering is not good because of DHCP and if a semi-savvy user is involved they will know how to set up their machine for a static IP regardless.

In any case, to answer your question, you will need to add their MAC address as an Address Object, then go to Access Rules and set up an Access Rule LAN > WAN & LAN > LAN (or any other Zone you wish to block them from), Any service, Source will be the newly created Address Object or Group, Action is Deny or Discard.

Let me know if you have any other questions!
masnrockCommented:
Another tip: Be sure to get a policy in place that has management and HR backing you up so that way you can enforce without any problems.
mike mikkksAuthor Commented:
None of this is working. At all. It is getting to be an issue. I have address objects and rules and firewall rules in place to DENY yet these devices (all wireless) are still accessing the network. What is the deal and why is this sonic wall such crap? It shouldn't be that hard to get a FIREWALL to deny network access by MAC address. So frustrating.
masnrockCommented:
Is your problem that it is accessing the network and not the Internet now?

You could also come up with an IP in a range you do not use at all and set up a DHCP reservation. That way the device gets a fake address that cannot go anywhere. But this can be worked around if the owner puts in a static IP.

Assuming you have managed switches, use them to block that MAC. One reason is that traffic will not always pass through the SonicWall when everything is on the same subnet. Secondly, the switch route would address every scenario except when the device is connected directly to the SonicWall.
Blue Street TechLast KnightCommented:
"None of this is working. At all. It is getting to be an issue. I have address objects and rules and firewall rules in place to DENY yet these devices (all wireless) are still accessing the network."
Order of operations applies. The Deny Access Rule must be the top-most rule with all others below it. Change the priority if it is not. Also, if you do not have a Collapsed Core topology then all of this filtering would have to take place in the managed switch/es, not the firewall.

"these devices (all wireless)"
You stated the question asking about one device, not that there are multiple. You have not stated why you want to achieve this and so it will be hard for us to provide an adequate solution since this is a very abnormal request. I'd encourage you to re-read my post https:#a42046696 it says that if you are trying to filter by IP or MAC address you may have a tough time since both are easily circumvented by DHCP, and RHA (Random Hardware Addressing), both accomplished without intent. Now if these are savvy users (with intent) spoofing both is relatively easy.
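
An added example (not written by any poster in this thread and not SonicWall code) that models three points from the answers above: first-match rule order, same-subnet traffic never reaching the firewall, and randomized MACs slipping past a MAC-based deny. The subnet, MAC/IP values and the rule tuples are constructed assumptions, and the rule engine is a simplified model with a switch between the hosts.

```python
import ipaddress

# Constructed sample data: subnet, MACs and IPs are assumptions for illustration.
LAN = ipaddress.ip_network("192.168.1.0/24")
BLOCKED_MAC = "3c:22:fb:10:20:30"
LEASES = [  # (MAC, IP) pairs as they might appear in a DHCP lease table
    ("3c:22:fb:10:20:30", "192.168.1.50"),
    ("da:a1:19:4e:07:c2", "192.168.1.51"),
    ("00:1b:63:aa:bb:cc", "192.168.1.52"),
]

def is_randomized(mac):
    """True when the locally administered bit (0x02 in the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def traverses_firewall(src_ip, dst_ip, lan=LAN):
    """Traffic between two hosts in the same subnet is switched, not routed."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return not (src in lan and dst in lan)

def evaluate(rules, src_mac, src_ip, dst_ip):
    """Return the action of the first matching rule, top of the list first."""
    if not traverses_firewall(src_ip, dst_ip):
        return "not-inspected"  # the firewall rules never see this flow
    for src, action in rules:
        if src == "any" or src == src_mac.lower():
            return action
    return "deny"  # modelled default when nothing matches

def unstable_block_targets(leases):
    """MACs that are randomized, so a MAC-based deny will not follow the device."""
    return [mac for mac, _ip in leases if is_randomized(mac)]

# Same two rules, different priority order.
DENY_BELOW_ALLOW = [("any", "allow"), (BLOCKED_MAC, "deny")]
DENY_ON_TOP = [(BLOCKED_MAC, "deny"), ("any", "allow")]

if __name__ == "__main__":
    wan = "203.0.113.10"  # documentation-range address standing in for a WAN host
    print(evaluate(DENY_BELOW_ALLOW, BLOCKED_MAC, "192.168.1.50", wan))
    print(evaluate(DENY_ON_TOP, BLOCKED_MAC, "192.168.1.50", wan))
    print(evaluate(DENY_ON_TOP, BLOCKED_MAC, "192.168.1.50", "192.168.1.52"))
    print(evaluate(DENY_ON_TOP, "da:a1:19:4e:07:c2", "192.168.1.51", wan))
    print(unstable_block_targets(LEASES))
```
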
masnrockCommented:
Answered