USG310 - Block traffic to Management but not to Internet

Lukas0102

Hello,

I'm really struggling on this one. 

I have an USG310 and NWA5123 as AP. Maybe the problem is easier than I think to solve but I just can't figure it out.

The USG is accessible under the default IP 192.168.1.1 and for the AP I set 192.168.10.1. Now I wan't to block the connection to 192.168.1.1 for the AP.

I think there is a specific firewall rule which I need to set but I didn't find them yet.

One thing I tried is block AP traffic to ZyWall but if I do this, the AP shows as offline in AP Management.

For managing the Switch I'm using LAN on a other port than the AP.

Zyxel_Tobias

Hi @Lukas0102

True, you need to block AP to ZyWALL but if ZyWALL manages this AP you need 2 rules:

a) Allow AP to ZyWALL with "Services: CAPWAP"
b) Block AP to ZyWALL with any services

So you can make sure your Management WIFI is working, but PING is blocked

Also, you can do:

a) Block "AP to ZyWALL" with Service "PING"
b) Allow "AP to ZyWALL" with Service "Any"

To may not run into more Port block issues.

Kind Regards,
Tobias

Lukas0102

Zyxel_Tobias said:

Hi @Lukas0102

True, you need to block AP to ZyWALL but if ZyWALL manages this AP you need 2 rules:

a) Allow AP to ZyWALL with "Services: CAPWAP"
b) Block AP to ZyWALL with any services

So you can make sure your Management WIFI is working, but PING is blocked

Also, you can do:

a) Block "AP to ZyWALL" with Service "PING"
b) Allow "AP to ZyWALL" with Service "Any"

To may not run into more Port block issues.

Kind Regards,
Tobias

Thanks for the answer. I forgot to set a custom DNS instead of the ZyWALL for the AP zone...