zyxelUser2021

Comments

br1 to WAN is not a problem. It gets created automatically if bridge mode is set to internal. I've never done wan to lan bridge, but I believe the same question applies to that: there's a bridge with two or more physical interfaces and you set the zones accordingly. In this case, wan interface is just not included.

in USG Flex 50W: LAN1, LAN2, DMZ and GUEST zones when interface is bridged Comment by zyxelUser2021 November 2023
Here's a more detailed drawing of the setup with also the L2 switch shown.

in USG 20 multiple VLANs, same subnet Comment by zyxelUser2021 January 2023
And of course there's 802.1Q enabled switch (such as Zyxel GS1200-8), not just USG 20 in the LAN. The VLANs in the drawing are just logical links.

in USG 20 multiple VLANs, same subnet Comment by zyxelUser2021 January 2023
The basic idea is to have control on what devices can see each other directly on layer 2, without adding load to the firewall. And using the same subnet is to avoid routing that takes place on layer 3. In theory NAS1-NAS2 or PC-NAS1 traffic could be non-IP protocol on layer 2 only. Currently I have NAS's on the same subnet…

in USG 20 multiple VLANs, same subnet Comment by zyxelUser2021 January 2023
Tried myself: does not work.

in Correct security policy for multiple intranet zones Comment by zyxelUser2021 April 2021
Thanks for the reply! The SERVICE zone assigned for two networks is intentional exception: it's just an example that classifies two networks in one cagegory (to be able to do policies inside the SERVICE zone). But what happens to a rogue packet that arrives from WAN, with source address e.g. 192.168.2.100 and targeting…

in Correct security policy for multiple intranet zones Comment by zyxelUser2021 April 2021