I have enabled MAC filtering. But, that the DHCP distributes an IP only if the MAC is in the whitlist. How to do?
How to add MAC addrs to the allowed MAC addrs list?
If so, see this. If not, please explain more about what you want to do.
Restrict Network Traffic by MAC Addresshttps://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/restrict_by_mac_c.html
If you've enabled a whitelist, the firewall will only talk to devices on that whitelist. That includes DHCP.
I would suggest avoiding a MAC whitelist unless you have a very specific reason to use it. It's very time consuming to maintain administratively, offers no encryption (anyone can still see the traffic flowing over a wire,) and MAC addresses are easily spoof-able. MAC filtering will only stop the most casual of connections, and will cost a lot of time to maintain.
WatchGuard Customer Support
thanks for your response.
I already use the article "Restrict Network Traffic by MAC Address". The filtrage is ok, but, my chef want the client don't obtent ip address. It's don't case, the client obtent ip address. I don't say if it's possible.
As James Carson stated - MAC addresses are easily spoof-able.
So even if you can "block" a specific MAC address, that may not prevent the device from connection to your network and getting an IP address.
Instead of using a whitelist, you can set up a DHCP reservation for the MAC addr of a device which you do not want to have Internet access, and then add a TCP-UDP packet filter From: the DHCP reservation IP addr To: Any-external, and set that policy to Denied. Move this policy to the top of your policy list.