Restrict access on LAN to specific LAN IPs
Hello -
I've tried numerous combinations of firewall rules, but I've yet to have any success.
Problem: I have a local server at 192.168.1.2 and the only LAN IP addresses I want to be able to access that are 192.168.1.20-29 (Using MAC-IP binding to assign those outside of the DHCP pool).
Is this possible or is it not possible to restrict access within the LAN?
Any help or hints would be appreciated!
Accepted Solution
-
The clients & server are local in the same subnet.
So the traffic will be forwarded directly between clients & server instead of going into the interface on the USG.
Here are the possible solutions:
1. Control the access with host firewall rules on the server.
2. Control it on the switch that connects the clients or server and supports IP ACL.
3. Or you need to set up a bridge interface on the USG and join ports to it. The clients and server need to be under different ports of the USG. Then you can use a firewall rule to control the access.
From my point of view, solutions 1 & 2 will not impact the transmit throughput between clients & server, which is preferred.
5
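An added example, not part of the original thread: host firewalls and switch IP ACLs (solutions 1 and 2) often match on CIDR blocks or wildcard masks rather than arbitrary ranges, and 192.168.1.20-29 does not fit a single block. This sketch splits the range into exact blocks, builds a first-match permit/deny list, and shows what a too-wide block would let through. The /24 LAN mask and all function names are assumptions; translate the entries into your own platform's rule syntax.

```python
import ipaddress

# Addresses from the question; the /24 LAN mask is an assumption.
FIRST = ipaddress.ip_address("192.168.1.20")
LAST = ipaddress.ip_address("192.168.1.29")
LAN = ipaddress.ip_network("192.168.1.0/24")


def allowed_blocks(first=FIRST, last=LAST):
    """Smallest list of CIDR blocks covering exactly first..last, nothing more."""
    return list(ipaddress.summarize_address_range(first, last))


def acl_entries():
    """Ordered (action, network, wildcard_mask) entries; first match wins."""
    entries = [("permit", net, str(net.hostmask)) for net in allowed_blocks()]
    # Every other host on the LAN is refused access to the server.
    entries.append(("deny", LAN, str(LAN.hostmask)))
    return entries


def decide(src):
    """Evaluate a source address top-down, as a switch ACL or host firewall does."""
    addr = ipaddress.ip_address(src)
    for action, net, _mask in acl_entries():
        if addr in net:
            return action
    return "deny"  # default deny for anything that matched no entry


def over_permitted(block, first=FIRST, last=LAST):
    """Addresses a single convenient block would admit beyond the intended range."""
    net = ipaddress.ip_network(block)
    return [str(a) for a in net if not (first <= a <= last)]


if __name__ == "__main__":
    for action, net, mask in acl_entries():
        print(f"{action:6} src {net.network_address} wildcard {mask}  ({net})")
    # A single /28 looks tidy but also admits .16-.19 and .30-.31.
    print("192.168.1.16/28 over-permits:", over_permitted("192.168.1.16/28"))
    # Constructed sample sources on either side of the range boundaries.
    for src in ("192.168.1.19", "192.168.1.20", "192.168.1.29", "192.168.1.30"):
        print(src, "->", decide(src))
```

On a host firewall, place the permit entries ahead of the deny and keep a rule that accepts replies to connections the server itself opened, otherwise the final deny also drops return traffic from other LAN hosts such as the gateway.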
All Replies
-
Thanks - that makes sense. I'll focus in on solution 1 & 2.