USG60 access specific ip address

NEWSPRINT
NEWSPRINT Posts: 6
First Anniversary First Comment
edited April 2021 in Security

How on this device you can make access only one specific IP address through one of the WAN-ports to a specific IP address of LAN1?

All Replies

  • mMontana
    mMontana Posts: 1,300  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    Policy Rules.

  • I have two wan ports on my device. It is necessary that the internal ip address of the type 192.168.0. *** (LAN1) be accessible on a specific port only through WAN2 from the external ip address of the type 46. **. **. **

  • LAURAM
    LAURAM Posts: 13  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer

    Go to object > Address > Add address for lan1 192.168.0.X and external ip 46.X.X.X


    Go to Security Policy > Policy Control > Add Policy 

    only allow the the external ip 46.X.X.X to lan 1 192.168.0.X

  • This method does not work correctly. I did everything according to your scheme, however, access in this case gets any external IP address, despite the record "source-externalip".

    In other words, if I substitute an address in an external field, for example, 85.85.X.X then my desired address 46.X.X.X gets access too. And vice versa ?

  • jasailafan
    jasailafan Posts: 191  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    Did you configure 1:1 NAT?


  • Yes, I tried both options - VirtualServer and 1:1 NAT, It did not give the necessary Result. Either all the IP got access, or none ?

    And I solved this problem like this:

    1. Wrote a rule nat for port forwarding (All external ip got access to LAN1)
    2. Wrote 2 rules in Policy Rules. The first rule allows access from wan to lan1 to the external ip I need. The second rule prohibits access to all external ip access from wan to lan1. In that order.

    It worked ?

    Thanks everyone!

Security Highlight