NSG local access blocked for guest interfaces

Bram_LortyeBram_Lortye Member Posts: 4
edited October 1, 2019 6:16PM in Ideas
Hi there,

I use a NSG50, a GS1920-8HP and 2 NAP102.

In the NSG50 i created serveral VLAN's and a VLAN10 for guests (10.10.10.1 with DHCP server from 10.10.10.33-232), i enabled the 'guest'-slide-button in the interface section.
In the AP settings i made a 'guest' SSID with VLAN-ID10 and (did i need to?) enabled the 'guest'-slide-button, so the 'layer-2-isolation' is enabled, and i did enter the MACadress of the NSG50.
So far so good, when i connect to the guest SSID, i can connect to the internet but also can i connect to the nsg's local GUI at 10.10.10.1.
I don't want guest to be able to do this, can i manage to block this IP?
I tried to make an outboud-firewall-rule with source: 10.10.10.0/24 destination: 10.10.10.1 but then i get the error message: INVALID_DST_IP_AND_SRC_IP_DUPLICATE 

Perhaps i am doing it all wrong, what i would like to make is a network with 4 VLAN's, all separated from each other with one guest lan that can only access the internet.
If someone could help me in the right direction, thank you very much.

gr. Bram


 

Accepted Solution

All Replies

  • Hi Chris,

    Thanks for your reaction, i already was afraid it wasn't doable  :)
    Then it also isn't possible to use 2FA for the local login, or disable the local login complete?
    If possible i want guests not to be able to crack the local password in any way.
    grts. Bram!
  • Nebula_ChrisNebula_Chris Zyxel Offical Agent Posts: 328  Zyxel Employee
    Hi Bram,
    We'll have the enhancement of this part and the 2FA will be launched on L2TP, I'll private message you about the guest zone case.

    /Chris

    Chris
  • AlfonsoAlfonso Member Posts: 257  Master Member

    HI @Nebula_Chris


    When 2FA will be launched on L2TP? It will be launched on IPSEC/L2TP?


    Thanks in advance

  • Nebula_ChrisNebula_Chris Zyxel Offical Agent Posts: 328  Zyxel Employee

    Hi @Alfonso

    It's L2TP over IPSec VPN support 2FA feature and it will be launched at this year of December.😄


    Cheers~

    Chris
  • AlfonsoAlfonso Member Posts: 257  Master Member

    Thanks @Nebula_Chris

    It sounds great.

Sign In to comment.
14

Who's Online

Anton_Demin
Anton_Demin
lift1960
lift1960
treellama
treellama
+11 Guests