USG310 - Block traffic to Management but not to Internet
Options
Hello,
I'm really struggling on this one.
I have an USG310 and NWA5123 as AP. Maybe the problem is easier than I think to solve but I just can't figure it out.
The USG is accessible under the default IP 192.168.1.1 and for the AP I set 192.168.10.1. Now I wan't to block the connection to 192.168.1.1 for the AP.
I think there is a specific firewall rule which I need to set but I didn't find them yet.
One thing I tried is block AP traffic to ZyWall but if I do this, the AP shows as offline in AP Management.
For managing the Switch I'm using LAN on a other port than the AP.
I'm really struggling on this one.
I have an USG310 and NWA5123 as AP. Maybe the problem is easier than I think to solve but I just can't figure it out.
The USG is accessible under the default IP 192.168.1.1 and for the AP I set 192.168.10.1. Now I wan't to block the connection to 192.168.1.1 for the AP.
I think there is a specific firewall rule which I need to set but I didn't find them yet.
One thing I tried is block AP traffic to ZyWall but if I do this, the AP shows as offline in AP Management.
For managing the Switch I'm using LAN on a other port than the AP.
0
Accepted Solution
-
Hi @Lukas0102
True, you need to block AP to ZyWALL but if ZyWALL manages this AP you need 2 rules:
a) Allow AP to ZyWALL with "Services: CAPWAP"
b) Block AP to ZyWALL with any services
So you can make sure your Management WIFI is working, but PING is blocked
Also, you can do:
a) Block "AP to ZyWALL" with Service "PING"
b) Allow "AP to ZyWALL" with Service "Any"
To may not run into more Port block issues.
Kind Regards,
Tobias0
Zyxel Employee
All Replies
-
Hi @Lukas0102
True, you need to block AP to ZyWALL but if ZyWALL manages this AP you need 2 rules:
a) Allow AP to ZyWALL with "Services: CAPWAP"
b) Block AP to ZyWALL with any services
So you can make sure your Management WIFI is working, but PING is blocked
Also, you can do:
a) Block "AP to ZyWALL" with Service "PING"
b) Allow "AP to ZyWALL" with Service "Any"
To may not run into more Port block issues.
Kind Regards,
Tobias0 -
Thanks for the answer. I forgot to set a custom DNS instead of the ZyWALL for the AP zone...Zyxel_Tobias said:Hi @Lukas0102
True, you need to block AP to ZyWALL but if ZyWALL manages this AP you need 2 rules:
a) Allow AP to ZyWALL with "Services: CAPWAP"
b) Block AP to ZyWALL with any services
So you can make sure your Management WIFI is working, but PING is blocked
Also, you can do:
a) Block "AP to ZyWALL" with Service "PING"
b) Allow "AP to ZyWALL" with Service "Any"
To may not run into more Port block issues.
Kind Regards,
Tobias
0
Categories
- All Categories
- 397 Beta Program
- 2.1K Nebula
- 117 Nebula Ideas
- 81 Nebula Status and Incidents
- 5.1K Security
- 91 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 919 WirelessLAN
- 35 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 337 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 2K FAQ
- 926 Nebula FAQ
- 422 Security FAQ
- 238 Switch FAQ
- 210 WirelessLAN FAQ
- 47 Consumer Product FAQ
- 139 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 62 Security Highlight
