MAC authentication for SSL VPN
Need MAC-based authentication for SSL VPN connecting devices to enhance the security level and to protect the office network.
Sophos SSL VPN works on the OpenVPN mechanism, and the SSL VPN configuration file can be compromised by a user/employee. Once the file is compromised/transferred to any personal computer, the user can connect to the corporate network via OpenVPN using the compromised config file, and it is very risky for loss of corporate data.
We have configured SSL_VPN clients. I require settings such that a user is allowed to log in or install the agent on a specific given corporate laptop only. Users should not be allowed to log in to SSL_VPN on any other machine. I have reached out to tech support; they said this feature is not available. Requesting you to add this feature on high priority, as it's a high security risk.
This doesn't make any sense. MAC addresses are a layer2 concept. Over the internet - or even across subnets - they're not visible.
Ankit Javiya commented
We have configured SSL_VPN clients. I require settings such that a user is allowed to log in or install the agent on a specific given laptop only. Users should not be allowed to log in to SSL_VPN on any other machine.
Can you please help me to do settings like this?
Carlos Guzman commented
Scenario: to allow end-users (e.g. staff) to remotely connect to office LAN via VPN using company laptops only (e.g. with MAC restriction)
Carlos Guzman commented
To allow MAC binding for SSL VPN (remote access) in order to increase security and allow users VPN connection from specific machines (e.g. company laptops only), as the VPN client could be installed on different machines without such a restriction. I called tech support and confirmed that such a feature is not available for XG, even though the function is there, but it doesn't work when registering a MAC address.
Lucar Toni commented
Hi, would be possible with Synchronized Heartbeat instead of MAC.
Require MAC binding of SSL VPN users; if possible, kindly revert.
Here is a link I just came across which states that MAC binding IS available for "client based authentication" such as Windows, Linux... but it seems a little silly that they cannot get the MAC address from the Sophos SSL VPN network adapter. I can see the MAC address if I go to properties of the NIC.
It appears that there is MAC binding already, but it's not as described in that document. On mine, I have to add the MAC address, but in that document, it describes the firewall obtaining the first MAC address to connect and only allowing that MAC in the future.
Surprised this isn't a feature, I thought it was.
André Duarte commented
Have the possibility to use Mac Binding over VPN SSL.
Sophos XG uses OpenVPN, and MAC binding is officially supported by OpenVPN.
This is a quite useful feature!