PRIVATE NETWORK ATP 200

Dear,

Can you tell me how I should configure this so that a specific device is blocked from connecting to the internet, only allowing that device to have its connection on the local network?

Should I create a user and assign the IP of the specific machine to block its access to the WAN? Would it be something like this? I only need to allow connection to the local network.

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 741  Zyxel Employee
    edited November 2022
    Hi @pykue
    Greetings, forum. Assuming you have 192.168.100.0/24 in LAN1, 192.168.3.0/24 in DMZ.
    Conditions are LAN1 can access DMZ but cannot access internet.
    Thus, you will have the following rules.

    Order1 for LAN1 block to internet, order2 for LAN1 can access DMZ.
    Thank you
    Kevin
  • pykue
    pykue Posts: 4
    Dear,

    Could you please send me a manual on how to configure?

    I'm using only LAN1, should I plug the device (which must have limited connection) in DMZ?

    I need to access this device via LAN, JUST BLOCK HIS CONNECTION TO THE INTERNET.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    Then put a rule on top of From LAN1 to WAN1 that says "from your device IP to WAN action deny".
    Consider configuring a LAN1 DNS server.
  • pykue
    pykue Posts: 4
    There's something missing in the recommendations you gave me, I didn't understand anything.

    I have already tried the following items:
    Object > Address/Geo IP,

    I created a host with the IP that must be blocked for internet.

    Then I went to:
    Security Policy > Policy control

    I created rule:

    From LAN1 - SOURCE (device blocked at Object > Address/Geo IP), - to WAN (I also tried to ANY excluding zywall), both did not work, the device continues to communicate with the internet.
  • PeterUK
    PeterUK Posts: 2,651  Guru Member

    If you have access to this device, you could set up the IP manually without a gateway; this would limit the device to the subnet it's in.


  • Zyxel_Kevin
    Zyxel_Kevin Posts: 741  Zyxel Employee
    Hi @pykue
    Please ensure the rule has the highest order (rule #1).
    Please see the picture below to share your configuration if it still fails. Thank you.

    Kevin
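
Added example, not part of any post above and not Zyxel's code: a small Python model of top-down, first-match policy evaluation, showing why the per-device deny discussed in the thread only takes effect when it sits above a broader allow. The rule names, the host address 192.168.100.50 and the pre-existing LAN1-to-any allow rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    from_zone: str   # "any" matches every zone
    to_zone: str
    source: str      # CIDR (use /32 for one host) or "any"
    action: str      # "allow" or "deny"

def matches(rule, from_zone, to_zone, src_ip):
    """True when zone pair and source address all fall inside the rule."""
    if rule.from_zone not in ("any", from_zone):
        return False
    if rule.to_zone not in ("any", to_zone):
        return False
    if rule.source == "any":
        return True
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source)

def evaluate(rules, from_zone, to_zone, src_ip, default="deny"):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if matches(rule, from_zone, to_zone, src_ip):
            return rule.action, rule.name
    return default, "default"

# Constructed host inside the 192.168.100.0/24 LAN1 range used in the thread.
BLOCKED_HOST = "192.168.100.50"

# Assumed pre-existing broad allow for LAN1 (hypothetical rule name).
LAN1_OUT = Rule("LAN1_Outgoing", "LAN1", "any", "any", "allow")
# Per-device deny toward WAN (hypothetical rule name).
BLOCK = Rule("Block_Device_WAN", "LAN1", "WAN", BLOCKED_HOST + "/32", "deny")

wrong_order = [LAN1_OUT, BLOCK]   # deny is shadowed by the allow above it
right_order = [BLOCK, LAN1_OUT]   # deny is rule #1

if __name__ == "__main__":
    for label, rules in (("deny below allow", wrong_order),
                         ("deny on top", right_order)):
        for dst in ("WAN", "DMZ"):
            print(label, "->", dst, evaluate(rules, "LAN1", dst, BLOCKED_HOST))
```

With the deny first, the device is refused toward WAN while its traffic to DMZ and every other LAN1 host's traffic still falls through to the broad allow.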
