Source and Destinations missing

JoSoT

Hi,

I have an ATP500 and a NWA50AX-pro. I'm trying to set up my firewall rules, but why aren't more sources and destinations listed? I see they are there in the implicit list. The implicit rules are over-permissive, so I have to make special block rules. ATPs outside of Nebula don't have this issue.

But when I want to select the "VPN_192.168.50.0/24" it's not there. Seems such a missed opportunity to not have objects. I now have to type them in, and when my VPN range changes I need to go into the rules as well.

ZyXEL, please let us disable the implicit rules. If anything, force a prio1 rule so the Nebula devices are always allowed to contact "Nebula". But these implicit rules go against any basic firewall principle. Why allow all VLANs to go to all VLANs? One of the reasons for a VLAN is not to be able to communicate between them.

Kind regards,

JoSoT

All Replies

  • Zyxel_Stanley
    Zyxel Employee
    edited April 1

    Hello @JoSoT,

    The implicit rules within the policy control settings are designed for straightforward configuration, catering to most end-users' needs. These rules automatically generate an allow rule when certain configurations, such as VPN, NAT, or any intra-interface settings, are established.

    If you need to specify a "Source" or "Destination" IP segment within the policy control rules, simply input the IP segment in the appropriate field. The NCC will then automatically create the object within the configuration.

    Regarding your concern about allowing all VLANs to communicate with each other, one approach you might consider is enabling the "Guest" function within the Interface settings. Then the selected LANs (VLANs) will be unable to reach each other.
