USGflex200 - Block communication between LANs

MilDro
MilDro Posts: 7  Freshman Member
First Anniversary First Comment
edited June 2022 in Nebula
Hello, 
I have configured 4 LAN interfaces (LAN group 1,2,3,4) vlans 10,20,30,40.

On Security Policy: there is Implicit rule "Allow LAN to any" and "Allow LAN to Appliance"

Questions:
1. Is possible disable implicit rule LANs to LANs.
2. How to block NEW communications between Vlan 10<->20 but allow (ESTABLISHED and RELATED) VLAN 10->20?
3. How to define Allow LAN 10 to Internet? Available DST option is only "Any/ Device/Country"

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Answers are below:
    (1) It’s a default security policy so cannot be disabled.

    (2) Not very clear about your requirement. Do you mean only allowing the traffic from valan10 to vlan20? What application scenario do you want to deploy?
    Or, you can describe more about your requirement for us?
    (3) You can choose the Destination to Any to allow valn10 hosts to browse the internet.

    Thanks.
  • MilDro
    MilDro Posts: 7  Freshman Member
    First Anniversary First Comment
    Hi, more details bellow:
    VLAN-20 is for IP Cameras, VLAN-10 is PrivateNetwork for WiFi/LAN.
    I want block communication from VLAN20 to VLAN10, but also allow access to Internet from VLAN20.

    Secondly, Allow communication from VLAN10 to VLAN20 for monitoring Camera from PC.

    If I add rule "Allow vlan20 to Any", it's also allowed vlan20 to vlan10?
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    According to your requirement, you can configure those three security policies sequentially, as below:


    (1). Allow vlan10 to Any

    (2). Deny vlan20 to vlan10

    (3). Allow vlan20 to Any

    Thanks.

Nebula Tips & Tricks