Sophos XG Firewall: How to block internet access based on MAC Address


MAC address filtering is more secure than IP address filtering because MAC addresses are rarely changed. In an environment with DHCP, the IP addresses of hosts change dynamically, so filtering on MAC addresses is a more reliable and practical way to identify and filter the source and destination of network traffic.

In a wireless environment (WLAN), the most common security measure to prevent unwanted network access is MAC address filtering. Here, the router is configured to accept traffic only from specific MAC addresses, and whitelisted devices are assigned new IP addresses through DHCP. This way, the hosts retain their ability to communicate with the network. Any attempt to communicate by masquerading the IP address is blocked, as the attacker’s MAC address will not match the MAC address of any whitelisted device.

How to block access based on MAC address

  • Go to Host and Service > MAC Host and click Add to add a MAC host. Enter the parameters as shown in the table below (enter the MAC host that you want to block).

    Parameter      Value                Description
    Name                                Specify a name to identify the Group.
    Type           MAC Address          Specify the MAC Type.
    MAC Address    00:0c:29:72:D5:31    Specify the MAC Address of the host.

  • Click Save to add the MAC host.
  • Navigate to Firewall, and click + Add Firewall Rule. Select User/Network Rule to add a new rule as shown in the image below.


  • Click Save to add the rule.
  • This blocks all IPv4 traffic for the MAC host 00:0c:29:72:D5:31 originating from LAN and destined for WAN.
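The reasoning above (a host's IP changes under DHCP while its MAC stays the same) can be checked against lease data. The following is an added example, not part of the original article or of any Sophos tooling: it finds every IP leased by the blocked MAC host regardless of how the MAC was written, and flags locally administered MAC addresses (U/L bit set), which are software-assigned and so may differ from the address entered in a MAC host. The lease records and function names are assumptions constructed for this illustration.

```python
import re

BLOCKED_MAC = "00:0c:29:72:D5:31"  # MAC host from the steps above

# Constructed sample DHCP lease records: (timestamp, MAC as logged, leased IP).
LEASES = [
    ("2024-05-01T08:00", "00-0C-29-72-D5-31", "192.168.1.20"),
    ("2024-05-01T09:10", "3c:52:82:11:aa:01", "192.168.1.21"),
    ("2024-05-02T08:05", "000c.2972.d531", "192.168.1.57"),
    ("2024-05-02T08:30", "DA:A1:19:00:4F:9C", "192.168.1.58"),
]


def normalize_mac(text):
    """Return the MAC as lowercase colon-separated octets, or raise ValueError."""
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def audit_leases(leases, blocked):
    """Return (IPs leased by the blocked MAC, locally administered MACs seen)."""
    target = normalize_mac(blocked)
    blocked_ips, local_macs = [], []
    for _ts, raw_mac, ip in leases:
        mac = normalize_mac(raw_mac)
        if mac == target:
            blocked_ips.append(ip)  # same host, whatever IP DHCP handed out
        if is_locally_administered(mac) and mac not in local_macs:
            local_macs.append(mac)  # review: address is not a burned-in one
    return blocked_ips, local_macs


if __name__ == "__main__":
    ips, local = audit_leases(LEASES, BLOCKED_MAC)
    print("IPs leased by blocked MAC:", ips)
    print("Locally administered MACs:", local)
```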

