Nebula security policy - Best practices to separate vlans

baba
baba Posts: 60
First Comment Friend Collector
 Ally Member
Hi all,

i've several vlans in my network:
  1. Server
  2. Home
  3. SmartHome
  4. Outdoor
  5. Kids
  6. Voice
  7. Admin
  8. Management
  9. Guest
  10. LANParty
And I want to do the following:
  • Server has access to all vlans except for Management
  • Home has access to Kids, Server-XY in Server, SmartHome
  • SmartHome has access to Server-SmartHome in Server, Home
  • Outdoor has access to to Server-SmartHome in Server
  • Kids has access to Home, Server-XY in Server between 6am to 8pm
  • Voice has access to Server-VoIP in Server
  • Admin has access to all vlans
  • Management has no access to another vlan
  • Guest has no access to another vlan
  • LANParty has no access to another vlan
What is the easiest way to handle the above scenario with security policy in Nebula?

There is a guest switch under Firewall -> Interfaces. Should I activate the guest switch for all vlans except Server and Admin and then add allow-rules?

Any other ideas? Thank you!

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 447
    25 Answers First Comment Friend Collector Second Anniversary
     Master Member
    edited May 17
    Hi

    Can you share the network topology diagram with all equipments(firewall, AP, switch, VoIP, Server, other hosts, etc.) and their vlan ID?
    What is the purpose for the guest switch? What role does it play?
    If you can describe it more in detail and can help us to realize your environment more clearly. 
    Thanks. 

Nebula Tips & Tricks