USGflex200 - Block communication between LANs

MilDro · June 2022

Hello,
I have configured 4 LAN interfaces (LAN group 1,2,3,4) vlans 10,20,30,40.

On Security Policy: there is Implicit rule "Allow LAN to any" and "Allow LAN to Appliance"

Questions:
1. Is possible disable implicit rule LANs to LANs.
2. How to block NEW communications between Vlan 10<->20 but allow (ESTABLISHED and RELATED) VLAN 10->20?
3. How to define Allow LAN 10 to Internet? Available DST option is only "Any/ Device/Country"

Zyxel_Jeff · June 2022

Hi @MilDro

Answers are below:

(1) It’s a default security policy so cannot be disabled.

Image: https://us.v-cdn.net/6029482/uploads/editor/39/bszhzuxng8cl.png

(2) Not very clear about your requirement. Do you mean only allowing the traffic from valan10 to vlan20? What application scenario do you want to deploy?

Or, you can describe more about your requirement for us?

(3) You can choose the Destination to Any to allow valn10 hosts to browse the internet.

Image: https://us.v-cdn.net/6029482/uploads/editor/5c/k9rpbei537o5.png

Thanks.

MilDro · June 2022

Hi, more details bellow:
VLAN-20 is for IP Cameras, VLAN-10 is PrivateNetwork for WiFi/LAN.
I want block communication from VLAN20 to VLAN10, but also allow access to Internet from VLAN20.

Secondly, Allow communication from VLAN10 to VLAN20 for monitoring Camera from PC.

If I add rule "Allow vlan20 to Any", it's also allowed vlan20 to vlan10?

Zyxel_Jeff · June 2022

According to your requirement, you can configure those three security policies sequentially, as below:

(1). Allow vlan10 to Any

(2). Deny vlan20 to vlan10

(3). Allow vlan20 to Any

Thanks.

USGflex200 - Block communication between LANs

All Replies

Categories

Nebula Tips & Tricks

Nebula Help Center