Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
How to "Deny" a device in DHCP on SonicWall TZ 500
I had this question after viewing Sonicwall - View all DHCP clients connected.
I have a sonic wall tz500 and am wondering why I cannot "deny" a connection from a device that I keep seeing on DHCP. How can I do this? Why woudn't a firewall have that ability?
I have a sonic wall tz500 and am wondering why I cannot "deny" a connection from a device that I keep seeing on DHCP. How can I do this? Why woudn't a firewall have that ability?
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Here's an old article discussing a way to block by MAC address from getting access to the internet: https://www.experts-exchan
If you have managed switches, you should be able to track down the device by port.
Now if your question is why can't a Sonicwall block the DHCP requests from said device? It's not designed to. But that is something you can usually do within a managed switch.
If you have managed switches, you should be able to track down the device by port.
Now if your question is why can't a Sonicwall block the DHCP requests from said device? It's not designed to. But that is something you can usually do within a managed switch.
Hi Mike,
First you should know that this is a symptom. Meaning verify why this rogue computer has access to your LAN in the first place because truly blocking a computer is not really possible in any system unless you are authenticating the session/connection. I say this because you can easily circumvent IP & MAC filtering and even a neophyte can do this with the advent of Random Hardware Addressing without even knowing how to set it up. IP address filtering is not good because of DHCP and if a semi savvy user is involved they will know how to setup their machine for a static IP regardless.
In any case to answer your question, you will need to add their MAC address as an Address Object, then go to Access Rules and setup an Access Rule LAN > WAN & LAN > LAN (or any other Zone you wish to block them from), Any service, Source will be the newly created Address Object or Group, Action is Deny or Discard.
Let me know if you have any other questions!
First you should know that this is a symptom. Meaning verify why this rogue computer has access to your LAN in the first place because truly blocking a computer is not really possible in any system unless you are authenticating the session/connection. I say this because you can easily circumvent IP & MAC filtering and even a neophyte can do this with the advent of Random Hardware Addressing without even knowing how to set it up. IP address filtering is not good because of DHCP and if a semi savvy user is involved they will know how to setup their machine for a static IP regardless.
In any case to answer your question, you will need to add their MAC address as an Address Object, then go to Access Rules and setup an Access Rule LAN > WAN & LAN > LAN (or any other Zone you wish to block them from), Any service, Source will be the newly created Address Object or Group, Action is Deny or Discard.
Let me know if you have any other questions!
Another tip: Be sure to get a policy in place that has management and HR backing you up so that way you can enforce without any problems.
None of this is working. At all. Is is getting to be an issue. I have address objects and rules and firewall rules in place to DENY yet these devices (all wireless) are still accessing the network. What is the deal and why is this sonic wall such crap? It shoudknt' be that hard to get a FIREWALL to deny network access by mac address. So frustrating.
Is your problem that it is accessing the network and not the Internet now?
You could also come up with an IP in a range you do not use at all and set up a DHCP reservation. That way the device gets a fake address that cannot go anywhere. But this can be worked around if the owner puts in a static IP.
Assuming you have managed switches, use them to block that MAC. One reason is that traffic will not always pass through the SonicWall when everything is on the same subnet. Secondly, the switch route would address every scenario expect when the device is connected directly to the SonicWall.
You could also come up with an IP in a range you do not use at all and set up a DHCP reservation. That way the device gets a fake address that cannot go anywhere. But this can be worked around if the owner puts in a static IP.
Assuming you have managed switches, use them to block that MAC. One reason is that traffic will not always pass through the SonicWall when everything is on the same subnet. Secondly, the switch route would address every scenario expect when the device is connected directly to the SonicWall.
None of this is working. At all. Is is getting to be an issue. I have address objects and rules and firewall rules in place to DENY yet these devices (all wireless) are still accessing the network.Order of operations applies. The Deny Access Rule must be the top-most rules with all others below it. Change the priority if it is not. Also, if you do not have a Collapsed Core topology then all of this filtering would have to take place in the Managed switch/es not the firewall.
these devices (all wireless)You stated the question asking about one device not there are multiple. You have not stated why you want to achieve this and so it will be hard for us to provide an adequate solution since this is a very abnormal request. I'd encourage you to re-read my post https:#a42046696 it says that if you are trying to filter by IP or MAC address you may have a tough time since both are easily circumvented by DHCP, and RHA (Random Hardware Addressing), both accomplished without intent. Now if these are savvy users (with intent) spoofing both are relatively easy.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial