topic Re: Creating a block timeout for mac addresses for malicious behavior in General Topics

Creating a block timeout for mac addresses for malicious behavior

mmaynard — Wed, 17 May 2017 20:19:29 GMT

Hello,

I was interested if there was a way to block a mac address of a device for malicious behavior? Bacially if i have a user on a guest connection and they are searching things they shouldnt, they could be blocked for 5 minutes or whatever and then return to the network. I know its a strange request but I was curious to see if it could be done.

Thanks 🙂

Re: Creating a block timeout for mac addresses for malicious behavior

jdelio — Wed, 17 May 2017 20:22:15 GMT

This topic was started in the Community Feedback area, and is related to the Palo Alto Networks devices. Because of that I am moving this to the General topics area.

Re: Creating a block timeout for mac addresses for malicious behavior

TranceforLife — Wed, 17 May 2017 20:40:48 GMT

MAC address blocking is not a good way to control users as it is easy to spoof. For the guest control, you could implement a separate VLAN, basic security policy (allowing a minimum for internet browsing), as well as implement a URL filtering with other security profiles.