Issues with understanding/getting working L2 isolation between fixed networks

cfts_ea Posts: 19  Freshman Member
edited December 2023 in Security

We have just got an ATP800 and are thrilled with it, but I'm still having issues with L2 isolation between physical ports.

Our current config port wise is:
Core | Peplink | VPN_Link | Workshop | CCTV | Wi-Fi | Pr_Failover | ZUKU | ge9 | ge10 | ge11 | ge12 | ge13 | ge14

I want to isolate Wi-Fi, ZUKU, Workshop and CCTV from Core, i.e. traffic from these networks should not cross into Core other than for the allow list.

As I understand things, putting 'Wi-Fi, Workshop, CCTV' into the member list should be sufficient, possibly with confirmation and correction if required; I have attached some pics which should explain.

I have read various Zyxel documentation on this, but it seems I'm missing something.

Thank you in advance. :)

Accepted Solution

  • zyman2008 Posts: 201  Master Member
    Answer ✓

    Hi @cfts_ea ,

    The "port" you configure is a layer 3 IP interface.

    So you need to put interface Core into a ZONE (Object > ZONE), e.g. Core ZONE.

    And put interfaces Workshop/CCTV/Wi-Fi/ZUKU into another ZONE, e.g. ZONE1.

    Then go to Security Policy > Policy Control and add rules:

    rule1: From ZONE1 to Core, src: any, dst: address group of allow list, service: any, action: allow

    rule2: From ZONE1 to Core, src: any, dst: any, service: any, action: deny.
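As an added illustration, not code from the thread or from Zyxel's firmware, the following Python models the top-down, first-match evaluation of the two rules above; the interface-to-zone mapping follows the answer, while the allow-list addresses and the sample hosts are constructed.

```python
import ipaddress

# Interface-to-zone mapping as described in the accepted answer.
INTERFACE_ZONE = {
    "Core": "Core",
    "Workshop": "ZONE1", "CCTV": "ZONE1", "Wi-Fi": "ZONE1", "ZUKU": "ZONE1",
}

# Constructed address group standing in for the poster's allow list
# (hypothetical Core hosts, not values from the thread).
ADDRESS_GROUPS = {
    "AllowList": [ipaddress.ip_network("10.0.0.10/32"),
                  ipaddress.ip_network("10.0.0.20/32")],
}

# Security Policy > Policy Control rules, in the order the answer gives them.
POLICY = [
    {"from": "ZONE1", "to": "Core", "src": "any", "dst": "AllowList",
     "service": "any", "action": "allow"},
    {"from": "ZONE1", "to": "Core", "src": "any", "dst": "any",
     "service": "any", "action": "deny"},
]


def _addr_matches(spec, ip):
    """'any' matches everything; otherwise look the IP up in the named group."""
    if spec == "any":
        return True
    return any(ipaddress.ip_address(ip) in net for net in ADDRESS_GROUPS[spec])


def evaluate(policy, in_iface, out_iface, src_ip, dst_ip, service="any"):
    """Walk the rule list top-down; the first matching rule decides.

    Returns (action, rule_index). (None, None) means no rule in this list
    covers the flow, so the firewall's own default would apply instead.
    """
    from_zone, to_zone = INTERFACE_ZONE[in_iface], INTERFACE_ZONE[out_iface]
    for idx, rule in enumerate(policy):
        if rule["from"] not in ("any", from_zone):
            continue
        if rule["to"] not in ("any", to_zone):
            continue
        if not (_addr_matches(rule["src"], src_ip) and _addr_matches(rule["dst"], dst_ip)):
            continue
        if rule["service"] not in ("any", service):
            continue
        return rule["action"], idx
    return None, None
```

Evaluating `POLICY[::-1]` shows why the order matters: with the deny rule first, the allow-listed Core hosts become unreachable from ZONE1. The `(None, None)` cases show that these two rules say nothing about Core-to-ZONE1 or ZONE1-internal traffic, which is governed by whatever other rules or defaults the ATP applies.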

All Replies

  • cfts_ea Posts: 19  Freshman Member
    edited February 5

    Sorry, and thank you. I only just got back to this; I'd set up a Raspberry Pi to do this, and will now look at seeing if this function can be implemented in the ATP with the above info :)
