Branch Office filter traffic by MAC
Good afternoon,
I have a Firebox T85 at my main office and a T25 at a branch office; we have a BOVPN between the two. I have a concern that someone could plug in an unauthorized device at the branch office and have access to data at our main location.
I’m not sure how the pros would handle this; one idea I had was to filter traffic by MAC through the VPN, but I wasn’t sure if this was possible. Does anybody have any thoughts or suggestions?
Comments
Given the concern is for the remote site physical network access, that's where I would start - if it's that big a concern, you'd have to go down the path of MAC address filtering at switch level, which has its own limitations as well (e.g. if you use a dock that has an Ethernet port, some docks don't do MAC address passthrough, so every device plugged into that same dock shows up as the same MAC address...).
MAC addresses don't traverse VPN tunnels, so you wouldn't be able to use any firewall in that regard.
If the branch office only has the T25, then it comes down to physical security (i.e. make sure it's in a locked cabinet etc.).
In either case, only allow known IP addresses from the remote site via policies.
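The point about MAC addresses not crossing the tunnel, as an added example that is not part of the original thread: a simplified Python model of a routed BOVPN hop showing that the main office sees only its own firewall's MAC for every branch device, while the source IP survives and can be matched by a policy. All MAC and IP values, the allow-list and the function names are constructed for illustration, and encryption is omitted.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = struct.pack("!H", 0x0800)

# Constructed sample values (locally administered MACs, private IPs).
BRANCH_FW_MAC = "02:00:00:00:00:03"
HQ_FW_MAC = "02:00:00:00:00:01"
HQ_SERVER_MAC = "02:00:00:00:00:02"
HQ_SERVER_IP = "10.0.1.5"
KNOWN_BRANCH_IPS = {"10.0.2.10"}  # hypothetical allow-list for the VPN policy


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def build_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Ethernet II header (14 bytes) + minimal IPv4 header (20 bytes, checksum left 0)."""
    eth = mac_bytes(dst_mac) + mac_bytes(src_mac) + ETHERTYPE_IPV4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip


def through_tunnel(frame):
    """Simplified BOVPN hop: the branch firewall routes the packet, so the
    Ethernet header is dropped and only the IP packet crosses the tunnel
    (encryption omitted). The main-office firewall then writes a new header."""
    ip_packet = frame[14:]
    return mac_bytes(HQ_SERVER_MAC) + mac_bytes(HQ_FW_MAC) + ETHERTYPE_IPV4 + ip_packet


def seen_at_main_office(device_mac, device_ip):
    """Return (source MAC, source IP) as observed on the main-office LAN."""
    frame = through_tunnel(build_frame(device_mac, BRANCH_FW_MAC, device_ip, HQ_SERVER_IP))
    src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
    src_ip = str(ipaddress.IPv4Address(frame[26:30]))
    return src_mac, src_ip


def allowed_by_ip_policy(src_ip):
    return src_ip in KNOWN_BRANCH_IPS


if __name__ == "__main__":
    for mac, ip in [("02:aa:aa:aa:aa:01", "10.0.2.10"), ("02:bb:bb:bb:bb:02", "10.0.2.99")]:
        seen_mac, seen_ip = seen_at_main_office(mac, ip)
        print(f"{mac} {ip} -> seen as {seen_mac} {seen_ip} allowed={allowed_by_ip_policy(seen_ip)}")
```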