UAG 5100 separating the LAN

Eddwood
Eddwood Posts: 33  Freshman Member
edited April 2021 in Security
Hello Support team,
I am going to use the UAG5100 for my hotel. I have an extra gateway for my UAG. So I set the WAN port as an ethernal (that works well), LAN1 for my manage LAN, and LAN2 for the guests. I hope this is the correct way to do so.
LAN1 has the private IP address (192.168.0.10) without DHCP. It is only to manage the UAG.
LAN2 has the private IP 10.60.1.1/22 for guests.
DMZ at the moment isn't in use.
It works well: the guest PC (test in my office) gets the right IP (10.60.1.5) and forces me to enter the code. Well done. But I can still connect to my mgmt LAN1 and to all my devices (switches, APs and router). I do have to set some rules to prohibit this, but I don't know how.

Best Answers

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    edited November 2020 Answer ✓
    @Eddwood
    You can create the profile as below in the security policy to fulfill your scenario.
    The rules should be configured as: From: Lan1, To: Lan2, Action: deny; and From: Lan2, To: Lan1, Action: deny.
  • Eddwood
    Eddwood Posts: 33  Freshman Member
    Answer ✓
    Thanks Charlie for the answer. I will try that.
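
The two deny rules from the answer above, modelled as an added example (not code from the thread or from Zyxel) so the isolation can be checked before guests are connected. It assumes the policy list is evaluated top-down with the first match winning, a /24 on Lan1 (the post gives only 192.168.0.10), and a hypothetical broad allow rule for guest Internet access; it shows that the deny rules only isolate the LANs when they sit above that allow rule.

```python
import ipaddress

# Zones from the thread. LAN2 is 10.60.1.1/22 as posted; the /24 on LAN1 is an
# assumption, since the post only gives the address 192.168.0.10.
ZONES = {
    "LAN1": ipaddress.ip_network("192.168.0.0/24"),
    "LAN2": ipaddress.ip_network("10.60.0.0/22"),
}

def zone_of(addr):
    """Map an address to its zone; anything outside the LAN zones counts as WAN."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"

def evaluate(rules, src, dst, default="deny"):
    """First-match evaluation: return (action, index of matching rule or None)."""
    s, d = zone_of(src), zone_of(dst)
    for i, (frm, to, action) in enumerate(rules):
        if frm in (s, "any") and to in (d, "any"):
            return action, i
    return default, None

# Rule set from the answer, placed above a hypothetical broad guest allow rule.
ISOLATED = [
    ("LAN1", "LAN2", "deny"),
    ("LAN2", "LAN1", "deny"),
    ("LAN2", "any", "allow"),
]
# Same rules, but the broad allow comes first and shadows the LAN2 -> LAN1 deny.
SHADOWED = [ISOLATED[2], ISOLATED[0], ISOLATED[1]]

def audit(rules, flows):
    """Return the flows between LAN1 and LAN2 that the rule set still allows."""
    leaks = []
    for src, dst in flows:
        pair = {zone_of(src), zone_of(dst)}
        if pair == {"LAN1", "LAN2"} and evaluate(rules, src, dst)[0] == "allow":
            leaks.append((src, dst))
    return leaks

# Constructed test flows: the guest PC and management address from the post,
# plus a documentation-range address standing in for an Internet host.
FLOWS = [("10.60.1.5", "192.168.0.10"), ("192.168.0.10", "10.60.1.5"),
         ("10.60.1.5", "203.0.113.7")]
if __name__ == "__main__":
    print(audit(ISOLATED, FLOWS), audit(SHADOWED, FLOWS))
```

An empty list from `audit` means no guest-to-management flow is allowed; the shadowed ordering reports the guest PC reaching 192.168.0.10.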

All Replies

  • Eddwood
    Eddwood Posts: 33  Freshman Member
    Any ideas? I still can't use it.
    I figured out that the internet connection is not on WAN, but it uses the Lan1 port. So I have more problems. Any admins here to help me out to fix my problems?
  • Eddwood
    Eddwood Posts: 33  Freshman Member
    OK, it works. Thanks Charlie.
    Next question.
    I would like to use a gateway for wan1, not for lan1. Lan1 is only for managing the USG. In lan1, however, there is also a router that is on the Internet. My UAG is currently not getting the gateway from wan1 but from lan1. Can I change that?
