ER605: Can only apply LAN->LAN firewall rules for VLANs, not IPs or IP Groups?
In the firewall policy, if I have the direction set to anything but LAN->LAN, I can set the source and destination as IP addresses or IP address groups, but as soon as I set it to LAN->LAN, my source and destination are restricted to VLANs only. How can I allow or deny local IP groups or VLANs connectivity to other local IP groups and VLANs?
Hi, what is your firmware version? If it is not up-to-date, please update your firmware first.
For the groups, you first need to define the "IP address" in the "IP Group". There you configure the "IP Groups" that you will need to use later.
After you define your "IP address", you need to create the "Group" and choose your IP address.
Then you can go to the ACL and create the allow/deny rules you want.
If you choose "Direction" "LAN>LAN", that is a VLAN interface to another VLAN interface. There are no IP groups involved in this and it is meant to be one VLAN interface to another. If you want to do very detailed allow/deny, you need to define the "IP Group" and then create rules that meet your requirement.
Simplified, that is: define IP address > create IP group that contains IPs > Access Control > Select "All" or "LAN>WAN" "LAN>LAN" either one of the Directions. > You select the Src and Dst.
Firmware is 1.1.1
>Select "All" or "LAN>WAN"
There is no "All" but I assumed "LAN>WAN" would be traffic from inside the network going to outside the network (Internet). LAN>WAN would cover internal to internal traffic?
The literal meaning. LAN to WAN is the traffic from LAN to the Internet (WAN).
I think I mistyped the "LAN > WAN". My initial intent is "LAN > LAN".