ProSecure Unified Threat Management UTM10 or UTM25 Reference Manual

Setting up IP/MAC Bindings

IP/MAC Binding allows you to bind an IP address to a MAC address and vice-versa. Some PCs or devices are configured with static addresses. To prevent users from changing their static IP addresses, the IP/MAC Binding feature must be enabled on the UTM. If the UTM detects packets with a matching IP address but with the inconsistent MAC address (or vice-versa), the packets are dropped. If you have enabled the logging option for the IP/MAC Binding feature, these packets are logged before they are dropped. The UTM displays the total number of dropped packets that violate either the IP-to-MAC binding or the MAC-to-IP binding.

Note: You can bind IP addresses to MAC addresses for DHCP assignment on the LAN Groups submenu. See “Managing the Network Database” on page 4-13.

As an example, assume that three computers on the LAN are set up as follows:

Host1: MAC address (00:01:02:03:04:05) and IP address (192.168.10.10)

Host2: MAC address (00:01:02:03:04:06) and IP address (192.168.10.11)

Host3: MAC address (00:01:02:03:04:07) and IP address (192.168.10.12)

If all of the above host entry examples are added to the IP/MAC Binding table, the following scenarios indicate the possible outcome.

Host1: Matching IP & MAC address in IP/MAC Table.

Host2: Matching IP but inconsistent MAC address in IP/MAC Table.

Host3: Matching MAC but inconsistent IP address in IP/MAC Table.

In this example, the UTM blocks the traffic coming from Host2 and Host3, but allows the traffic coming from Host1 to any external network. The total count of dropped packets is displayed.

To set up IP/MAC bindings:

1.Select Network Security > Address Filter from the menu. The Address Filter submenu tabs appear, with the Source MAC Filter screen in view.

2.Click the IP/MAC Binding submenu tab. The IP/MAC Binding screen displays (see Figure 5-27 on page 5-43, which shows some bindings in the IP/MAC Binding table as an example).

5-42

Firewall Protection

v1.0, September 2009

Page 156
Image 156
NETGEAR UTM25-100NAS, UTM10EW-100NAS, UTM25EW-100NAS manual Setting up IP/MAC Bindings