How to separate networks on USG FLEX 500H to isolate the server from the local network

Leonard00

Hi everyone,

I recently purchased a USG FLEX 500H and I'm trying to configure my network to separate the Nextcloud server from the local network where all the PCs are connected. I want to enhance security by isolating the server from the rest of the network. Currently, the Nextcloud server is installed via snap.

I have a single local network (LAN) with all devices connected, including PCs and the Nextcloud server.
I would like to create a separate network (e.g., VLAN) for the Nextcloud server to isolate it from the main PC network.
Could you please provide me with a guide or suggestions on how to configure my USG FLEX 500H to achieve this network separation? What are the steps to follow and the specific configurations to apply? I would greatly appreciate any configuration examples or tutorials.

Thank you very much for your help!

Zyxel_Melen

Hi @Leonard00,

Here is one of the configuration for you reference:

1. Create two Zone "LAN1" and "LAN2" for next step.
   Path: Object > Zone
   
2. Create two interfaces. One for LAN and one for server. The ports and Zone setting for the server use interface should be different from the LAN interface. In here, the ge4 is created for server use that use LAN2 for the Zone and p7 and p8 for the ports.
   Path: Network > Interface > Internal
   
3. Create policy control rule to block traffic between LAN1 and LAN2. This makes your LAN clients cannot communicate with the Server.
   Path: Security policy > Policy control
   

Hope it helps.