How to separate networks on USG FLEX 500H to isolate the server from the local network
Hi everyone,
I recently purchased a USG FLEX 500H and I'm trying to configure my network to separate the Nextcloud server from the local network where all the PCs are connected. I want to enhance security by isolating the server from the rest of the network. Currently, the Nextcloud server is installed via snap.
I have a single local network (LAN) with all devices connected, including PCs and the Nextcloud server.
I would like to create a separate network (e.g., VLAN) for the Nextcloud server to isolate it from the main PC network.
Could you please provide me with a guide or suggestions on how to configure my USG FLEX 500H to achieve this network separation? What are the steps to follow and the specific configurations to apply? I would greatly appreciate any configuration examples or tutorials.
Thank you very much for your help!
Accepted Solution
-
Hi @Leonard00,
Here is one of the configuration for you reference:
- Create two Zone "LAN1" and "LAN2" for next step.
Path: Object > Zone
- Create two interfaces. One for LAN and one for server. The ports and Zone setting for the server use interface should be different from the LAN interface. In here, the ge4 is created for server use that use LAN2 for the Zone and p7 and p8 for the ports.
Path: Network > Interface > Internal
- Create policy control rule to block traffic between LAN1 and LAN2. This makes your LAN clients cannot communicate with the Server.
Path: Security policy > Policy control
Hope it helps.
Zyxel Melen0 - Create two Zone "LAN1" and "LAN2" for next step.
Zyxel Employee
All Replies
-
Hi @Leonard00,
Here is one of the configuration for you reference:
- Create two Zone "LAN1" and "LAN2" for next step.
Path: Object > Zone
- Create two interfaces. One for LAN and one for server. The ports and Zone setting for the server use interface should be different from the LAN interface. In here, the ge4 is created for server use that use LAN2 for the Zone and p7 and p8 for the ports.
Path: Network > Interface > Internal
- Create policy control rule to block traffic between LAN1 and LAN2. This makes your LAN clients cannot communicate with the Server.
Path: Security policy > Policy control
Hope it helps.
Zyxel Melen0 - Create two Zone "LAN1" and "LAN2" for next step.
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 271 USG FLEX H Series
- 274 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 389 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
