Devices in mgmt VLAN reachable by VPN and local Clients
All Replies
-
Hi @Sergi330,
The problem you're seeing is due to how the device handles traffic blocking: traffic between segments is blocked by one rule, but traffic to the device itself requires a separate "to device" rule. For example:
Please note that for this rule, it is important to specify the correct port since selecting "Any" will block all traffic from that segment to the device. As shown in the image above for Protocol 443 (USG LITE 60AX web GUI port), this blocks segment IPs from accessing the web interface.
We appreciate your patience and understanding!
Zyxel Tina
0 -
Hi @Zyxel_Tina,
Thanks for the instructions. Are these rules in addition to the previous two?
I confirm that now I can't reach the router's GUI this way. But what about the access points? Clients connected to Wi-Fi can still reach them (for VPN and wired clients it's OK).
Thanks!
0 -
Specifically, clients connected via Wi-Fi to VLAN 10 reach the GUI of the access point to which they are connected, not the other ones present on the site.
0