UAG 5100 seperating the lan

Eddwood Posts: 33  Freshman Member
edited April 14 in Security
Hello Support team,
I am going to use the UAG5100 for my hotel. I have an extra gatway for my UAG. So I set the WAN Port as an ethernal (that works well), the Lan1 for my manage Lan, and Lan2 for the guests. I hope this is the correct way to do so.
lan1 has the privat IP adress ( without dhcp. It is only to manage the UAG.
lan2 has the privat IP for guests.
dmz at the moment isn´t in use.
It works well, the guest PC (test in my office) gets the right IP ( and force me to enter the code. Well done. But I can still connect to my mgmt lan1 and to all my devices (switches, APs and Router). I do have to set same rouls to prohibit this, but I don´t know how.

Best Answers

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited November 2020 Accepted Answer
    You can create the profile as below on security policy to fulfill your scenario.
    The rule should be configured: From:Lan1 to Lan2, Action: deny. and From:Lan2 to Lan1, Action: deny. 
  • Eddwood
    Eddwood Posts: 33  Freshman Member
    Accepted Answer
    Thanks Charlie for answer. I will try that.

All Replies

  • Eddwood
    Eddwood Posts: 33  Freshman Member
    Any ideas? I still can´t use it.
    I figuered out, that the internet connection is not on WAN, but it use the Lan1 port. So I have more problems. Any admins here to help me out to fix my problems?
  • Eddwood
    Eddwood Posts: 33  Freshman Member
    OK, it works.Thanks Charlie. 
    Next question. 
    I would like to use a gateway for wan1. Not for lan1. Lan1 is only for managing the USG. In lan1, however, there is also a router that is on the Internet. My UAG is currently not getting the gateway from wan1 but from lan1. Can i change that?

Security Highlight