PRIVATE NETWORK ATP 200

pykue
Dear,

Can you tell me how I should configure this so that a specific device is blocked from connecting to the internet, only allowing that device to have its connection on the local network?

Should I create a user and assign the IP of the specific machine to block its access to the WAN? Would it be something like this? I only need to allow connection to the local network.

All Replies

  • Zyxel_Kevin
    edited November 25
    Hi @pykue
    Greetings, forum. Assuming you have 192.168.100.0/24 in LAN1 and 192.168.3.0/24 in DMZ.
    The conditions are that LAN1 can access the DMZ but cannot access the internet.
    Thus, you will have the following rules.

    Order 1 is for blocking LAN1 to the internet; order 2 is for allowing LAN1 to access the DMZ.
    Thank you
    Kevin
  • pykue
    Dear,

    Could you please send me a manual on how to configure this?

    I'm using only LAN1; should I plug the device (which must have a limited connection) into the DMZ?

    I need to access this device via LAN, JUST BLOCK ITS CONNECTION TO THE INTERNET.
  • mMontana
    Then put a rule on top of From LAN1 to WAN1 that says "from your device IP to WAN, action deny".
    Consider configuring a LAN1 DNS server.
  • pykue
    There's something missing in the recommendations you gave me; I didn't understand anything.

    I have already tried the following items:
    Object > Address/Geo IP

    I created a host with the IP that must be blocked from the internet.

    Then I went to:
    Security Policy> Policy control

    I created rule:

    From LAN1, SOURCE (the device blocked at Object > Address/Geo IP), to WAN (I also tried to ANY excluding ZyWALL). Neither worked; the device continues to communicate with the internet.
  • PeterUK

    If you have access to this device, you could set up the IP manually without a gateway; this would limit the device to the subnet it's in.


  • Zyxel_Kevin
    Hi @pykue
    Please ensure the rule has the highest order (rule #1).
    Please see the picture below and share your configuration if it still fails. Thank you.

    Kevin
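
Why the rule's position decides the outcome in this thread, as an added example that is not part of any post above and is not Zyxel's code: a small Python model that assumes top-down, first-match policy evaluation. The host address 192.168.100.50, the rule names and the broad LAN1 allow rule are constructed assumptions.

```python
"""Model of ordered, first-match zone policy rules (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str   # "any" matches every zone
    to_zone: str
    source: str      # CIDR; a single host object is a /32
    action: str      # "allow" or "deny"

def matches(rule, from_zone, to_zone, src_ip):
    return (rule.from_zone in ("any", from_zone)
            and rule.to_zone in ("any", to_zone)
            and ip_address(src_ip) in ip_network(rule.source))

def evaluate(rules, from_zone, to_zone, src_ip, default="deny"):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for rule in rules:
        if matches(rule, from_zone, to_zone, src_ip):
            return rule.action, rule.name
    return default, "default"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.from_zone in ("any", later.from_zone)
                    and earlier.to_zone in ("any", later.to_zone)
                    and ip_network(later.source).subnet_of(ip_network(earlier.source))):
                hidden.append(later.name)
                break
    return hidden

# Constructed sample policy: one host in the LAN1 subnet from the thread.
DEVICE = "192.168.100.50"
BLOCK = Rule("block-device-wan", "LAN1", "WAN", DEVICE + "/32", "deny")
LAN_OUT = Rule("lan1-outgoing", "LAN1", "any", "192.168.100.0/24", "allow")
WRONG_ORDER = [LAN_OUT, BLOCK]   # deny sits below the broad allow
RIGHT_ORDER = [BLOCK, LAN_OUT]   # deny is rule #1

if __name__ == "__main__":
    for label, policy in (("wrong", WRONG_ORDER), ("right", RIGHT_ORDER)):
        print(label, evaluate(policy, "LAN1", "WAN", DEVICE), "shadowed:", shadowed(policy))
```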
