How can we help?
-
zWAN
-
-
-
-
- Firewall & Layer 7 Application Filtering
- VPN Site-to-Site Tunnel Setup & Connectivity (z40 to Cloud vGR)
- Intrusion Prevention System (IPS) / Intrusion Detection System (IDS) Testing
- DNS Filtering
- DDoS Protection & Logging
- MAC Address Filtering & Geo-fencing
- Application Control & Protocol Blocking
- Authentication & Access Control (zID)
-
- WAN Link Failover & Load Balancing (ACI Mode)
- Dynamic Path Selection & Application-Aware Routing
- SaaS & Internet Breakout Validation
- QoS for Microsoft Teams (Datacenter vGR + Branch z40)
- Tunnel Failover (z40 ↔ vGR) — WAN00 (wired) primary, WAN03 (4G) & WAN04 (5G) backups
- IP Routing & Static Route Steering (z40 Branch)
- VLAN & Layer-2 Bridging
-
-
-
-
-
-
- Articles coming soon
-
-
-
- Articles coming soon
-
- Articles coming soon
-
-
-
-
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
-
-
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
-
-
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
- Articles coming soon
-
-
-
- Articles coming soon
-
- IPsec Tunnel not Establishing
- SSL-VPN Tunnel not Establishing
- Mobile Network Issues
- Management Tunnel does not Establish
- DNS not Resolving from Local Network Appliance
- DNS Resolution Issues in Tunnel Configuration
- DHCP Server not Leasing IP to LAN PC
- Debugging EC Events - Unknown Status Issue
- Trusted-MAC Geofencing Issues
- DNS Issues from DC LAN PC
- Troubleshooting LAN Connectivity to Internet via WAN, Remote Branch LAN, or Local Branch LAN
- NetBalancer gateways displaying Faulty/Inactive
- Packet Drop Issues
-
-
zTC
-
-
-
-
-
- Citrix HDX + USB Headset (Call-Center Baseline)
- VMware Horizon + Smart Card / CAC Login
- Microsoft AVD/RDP + Teams Optimized Video
- Multi-Monitor & 4K Performance
- USB Device Management - Block Storage
- Printing to Local USB & Network Printers
- Barcode Scanner (HID) with Line-of-Business App
- Kiosk / Assigned-Access Auto-Launch
- Wi-Fi Roaming & Link Change Mid-Session
- Power Management and Session State
- OS/Firmware Update & Rollback
-
-
StorTrends
-
zAccess
-
zGuardian
You are here:
Print
MAC Groups
0 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 0% | |
3 Stars | 0% | |
2 Stars | 0% | |
1 Stars | 0% |
Quick Overview
MAC Groups in zAccess allow administrators to group endpoint devices based on their MAC addresses. This facilitates identity-based access control where policies and rulesets can be applied to devices regardless of their current IP address, location, or network. MAC Groups are essential for managing known, trusted devices within a zero-trust framework.
How to Use This Feature in the UI
- Go to Policy Configuration > MAC Groups.
- Click ADD GROUP.
- Enter a Group Name that reflects the purpose or user set (e.g., “Corporate Laptops” or “Contractor Devices”).
- Input one or more valid MAC addresses in the required format (e.g.,
00:1A:2B:3C:4D:5E
). - Click Save to create the group.
Concepts & Use Cases
- Device-Based Access Control: Identify and enforce policies for specific hardware endpoints regardless of network or user login.
- BYOD & Guest Segmentation: Isolate personal or unmanaged devices by assigning them to a MAC group with limited permissions.
- Zero Trust Enforcement: Require that only devices in approved MAC groups can access sensitive applications.
- Compliance Assurance: Ensure that only registered, compliant machines connect to critical resources.
Troubleshooting & FAQs
- Why isn’t a device being matched to its MAC group?
Ensure the MAC address is entered correctly and belongs to the interface used for zAccess login. Avoid duplicate or invalid entries. - Can a device belong to more than one MAC group?
Yes. Devices can exist in multiple groups and are evaluated in the order defined by ruleset priorities. - Is MAC spoofing a concern?
MAC addresses can be spoofed, so MAC Groups should be used in conjunction with other posture or identity checks for high-security environments. - How can I audit MAC group usage?
Use the Endpoint Sessions page or Event Logs to view devices’ matched groups during login.
Was this article helpful?
0 out Of 5 Stars
5 Stars | 0% | |
4 Stars | 0% | |
3 Stars | 0% | |
2 Stars | 0% | |
1 Stars | 0% |
5
Table of Contents