
Firepower FMC: Excluding a mobile device via MAC or other means from firewall rule

orangeflava
Level 1

Morning! Happy 420.

 

I am fairly new to this Firepower Management System we just installed. An exclusion rule was set up for domain-connected devices, so when added to the right group we get full internet access and sites like YouTube are not blocked. However, I cannot get to sites like that on my mobile device when connected to our Wi-Fi network. How can I set up an exclusion to allow access on the smartphone that is not connected to the domain? By MAC? And where do I go to do this? Thanks for any assistance. Let me know if you need any other information.

 

Model: Cisco Firepower Management Center for VMWare

Software Version: 6.4.0.3 (build 29)

3 Replies

Hi,
It is not possible to filter by MAC address on the firewall. The quickest and easiest thing to do is configure a DHCP reservation based on that MAC address on the DHCP server, ensuring the same IP address is always given to that device. You can then create a rule on the firewall to permit the traffic.

HTH

Thank you. I suppose I just search for exclude IP rule to see how to configure it on the Cisco Firepower? If there is a link that would be great; if not I will try and askjeeves.

It's just a standard rule. Create a host object for the IP address of the device, use that object as a source in the Access Control Policy. Example.
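The host object and rule from the reply above, written as request bodies for the FMC REST API; this is an added example and not part of the thread. It assumes the REST API is enabled on the FMC, and the object name, rule name, IP address and object id are constructed placeholders.

```python
import ipaddress
import json

# FMC REST API paths; {domain} and {policy} are UUIDs read from your own FMC.
HOSTS_PATH = "/api/fmc_config/v1/domain/{domain}/object/hosts"
RULES_PATH = ("/api/fmc_config/v1/domain/{domain}"
              "/policy/accesspolicies/{policy}/accessrules")


def host_object_payload(name, ip):
    """Body for POST HOSTS_PATH: one host object for the DHCP-reserved IP."""
    addr = ipaddress.ip_address(ip)  # ValueError on a CIDR range or a typo
    # The exception must cover exactly one internal client, so refuse
    # anything that is not a private unicast address.
    if (not addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_unspecified or addr.is_reserved):
        raise ValueError(f"{ip} is not a private unicast host address")
    return {"type": "Host", "name": name, "value": str(addr),
            "description": "DHCP-reserved address of exempted device"}


def access_rule_payload(rule_name, host_id, host_name):
    """Body for POST RULES_PATH: allow rule with the host object as source."""
    return {
        "type": "AccessRule",
        "name": rule_name,
        "action": "ALLOW",
        "enabled": True,
        # Only the single host object is a source; no networks or ranges.
        "sourceNetworks": {"objects": [
            {"type": "Host", "id": host_id, "name": host_name}]},
        # Log the exempted traffic so use of the exception stays visible.
        "logEnd": True,
        "sendEventsToFMC": True,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    host = host_object_payload("mobile-exempt-01", "192.168.10.50")
    rule = access_rule_payload("Allow-mobile-exempt-01",
                               "HOST-OBJECT-ID-PLACEHOLDER", host["name"])
    print(json.dumps(host, indent=2))
    print(json.dumps(rule, indent=2))
```

Rules in an Access Control Policy are evaluated in order, so the allow rule has to sit above the rule that blocks the category for everyone else.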
