popekoz

It turns out that subnet based Vlan configured on the infrastructure switch is the problem. When I changed the VLANs to static, all works as expected. 

I made test environment and I can confirm that only rule #3 is enough even with deleted default security policy rules for ping between the two LANs to pass. So if someone wants to allow outgoing connections to the internet only for specific ports, but inter-LAN communications should work, Allow rule from "Internal" to…

Rule number 1 was just temoporary for the testing. It shouldn't be active in production. Rule number 3 is the acceptable rule because it allows only internal communications between LANs. Can you disable rule #1 and confirm it's working with #2 and #3 only. Thanks!