Is there a way to white list a user by the MAC address in Cisco Fire Power?

JBrav0 · ‎06-10-2021

We have a Cisco firewall that can be accessed through the web interface called Firepower. I discovered that there is a geolocation rule that blocks visitors from South Africa. The issue is that we recently got a student from there that cannot visit our website through any computer (other than a mobile phone) and I believe it's because of the firewall. I already verified with my ISP that they aren't blocking anything.

I would like to keep the rule, but white list them so they can at least access it. Is there a way to set up the rule-based on a MAC address? this seems to be the simplest way in my mind to have him visit with his own computer.

MHM Cisco World · ‎06-10-2021

As I know you can use SI in FTD to config white list and use DNS to control this whitelist depend on domain.

Marvin Rhoads · ‎06-11-2021

A MAC address doesn't convey across the Internet unless it's encapsulated in something like a remote access VPN.

You could give them a VPN connection (which is not affected by Geolocation rules).

A much simpler solution is to just have the student use an inexpensive commercial VPN service like Tunnel Bear that allows them to choose their apparent country of origin.

JBrav0 · ‎06-11-2021

I didn't think about this, I could test this with the student and if it works I will probably get the college to buy a handful of licenses for students on rare occasions like this.