Business Community > Routers > ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
< Routers

ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
2022-04-05 06:51:51 - last edited 2022-04-06 01:10:43
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.1.1

In the firewall policy, if I have the direction set to anything but LAN->LAN I can set the source and destination as IP addresses or IP address groups, but as soon as I set it to LAN->LAN, my source and destination are restricted to VLANS only. How can I allow or deny local IP groups or VLANS connectivity to other local IP groups and VLANS?

 

  0      
 
  0      
 
#1
Options
3 Reply
Re:ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
2022-04-06 05:05:26 - last edited 2022-04-07 12:37:38

  @ncor 

Hi, what is your firmware version? If it is not up-to-date, please update your firmware first.

For the groups, you first need to define the "IP address" in the "IP Group". There you configure your "IP Groups" when later you will need to use them.

After you define your "IP address", you need to create the "Group" and choose your IP address.

Then you can go to the ACL and create the allow/deny rules you want.

If you choose "Direction" "LAN>LAN", that is VLAN interface to another VLAN interface. There is no IP groups involved in this and it is meant to be a VLAN interface to another. If you want to do very detailed allow/deny, you need to define the "IP Group" and then create rules that meets your requirement.

 

Simplify that is: define IP address > create IP group that contains IPs > Access Control > Select "All" or "LAN>WAN" **LAN>LAN" either one of the Directions. > You select the Src and Dst.

 

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#2
Options
Re:ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
2022-04-06 18:35:15

  @Hank21 

Firmware is 1.1.1

 

>Select "All" or "LAN>WAN"

 

There is no "All" but I assumed "LAN>WAN" would be traffic from inside the network going to outside the network (Internet). LAN>WAN would cover internal to internal traffic?

  0  
  0  
#3
Options
Re:ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
2022-04-07 07:08:20 - last edited 2022-04-07 12:38:26

  @ncor 

The literal meaning. LAN to WAN is the traffic from LAN to the Internet(WAN).

I think I mis-typed the "LAN > WAN". My initial intend is "LAN > LAN".

Best Regards! >> Omada EAP Firmware Trial Available Here << >> Get the Latest Omada SDN Controller Releases Here << *Try filtering posts on each forum by Label of [Early Access]*
  0  
  0  
#4
Options

Information

Helpful: 0

Views: 1212

Replies: 3

Related Articles
ER605 IPv6 Firewall Rules Especially WAN>LAN
2431 5
ER605, WAN to LAN communication, Wireguard
149 0
ER605 Router Wired LAN Subnet Setup
1770 0
Firewall rules for LAN not honored
688 0
ER605 L2TP Client to Lan not working
244 0
ER605 V2 : 2 LAN Setup connected to "unmanaged" switch - Firewall rules
1083 0
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.