Business Community > Routers > IPV4 Firewall Lan to Wan rule blocks internal communication with DVR
< Routers

IPV4 Firewall Lan to Wan rule blocks internal communication with DVR

IPV4 Firewall Lan to Wan rule blocks internal communication with DVR

IPV4 Firewall Lan to Wan rule blocks internal communication with DVR
IPV4 Firewall Lan to Wan rule blocks internal communication with DVR
2023-12-02 01:32:38 - last edited 2023-12-08 05:46:37
Tags: #Gateway ACL
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.0 Build 20220106 Rel.56391

I have a surveillance DVR on my LAN.  It is managed, and recordings viewed, with software from a PC.  Both are on VLAN1 (192.168.1.0/24).  Both have fixed ip addresses within that range.  As a security measure I want to prevent the DVR from communicating with the internet.  Offsite access is not required.  I've set up a firewall rule which blocks traffic from the DVR IP, which is source configured as "Cobra_DVR" IP group. See below. The rule direction is LAN->WAN, and WAN IN.

 

The problem: This rule prevents the software on the PC from communicating with the DVR.  If I remove the LAN->WAN direction, leaving only WAN IN, the problem goes away.  Since both devices are on the same VLAN, why is this happening?  Is there a way to correct it?

 

 

  0      
 
  0      
 
#1
Options
1 Accepted Solution
Re:IPV4 Firewall Lan to Wan rule blocks internal communication with DVR-Solution
2023-12-04 01:03:17 - last edited 2023-12-08 05:46:37

Hi @MacFast 

Thanks for posting in our business forum.

1. Understand how ACL works and refer to the example in the guide. ER605(UN)_V2_User Guide

Of course you unselect the LAN > LAN and it works. WAN IN means incoming traffic from the WAN. The literal meaning of it.

 

2. As a supplementary reference to your setup. How to implement unidirectional VLAN access through ACL configuration on the Omada Gateway in Controller mode

You should choose your direction according to your desired way.

LC34: Full TP Link Omada Configuration Set Up ER605 ER7206 ER8411 Home, IoT, Camera, Guest,ACL,mDNS

 

3. To address the issue that they are in the same LAN, create an IP group in the Preferences. In the source and destination section, set the IP group you created.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Beta firmware got some NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
Recommended Solution
  0  
  0  
#2
Options
1 Reply
Re:IPV4 Firewall Lan to Wan rule blocks internal communication with DVR-Solution
2023-12-04 01:03:17 - last edited 2023-12-08 05:46:37

Hi @MacFast 

Thanks for posting in our business forum.

1. Understand how ACL works and refer to the example in the guide. ER605(UN)_V2_User Guide

Of course you unselect the LAN > LAN and it works. WAN IN means incoming traffic from the WAN. The literal meaning of it.

 

2. As a supplementary reference to your setup. How to implement unidirectional VLAN access through ACL configuration on the Omada Gateway in Controller mode

You should choose your direction according to your desired way.

LC34: Full TP Link Omada Configuration Set Up ER605 ER7206 ER8411 Home, IoT, Camera, Guest,ACL,mDNS

 

3. To address the issue that they are in the same LAN, create an IP group in the Preferences. In the source and destination section, set the IP group you created.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Beta firmware got some NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting Manual ★ ☚ (Disclaimer: Short links are used above solely for guidance to TP-Link subdomains and are safe and tracker-free. Exercise caution with short links from non-official members on forums. We are not liable for external content or damage from non-official members' link use.)
Recommended Solution
  0  
  0  
#2
Options

Information

Helpful: 0

Views: 196

Replies: 1

Tags

Gateway ACL
Related Articles
wan to lan connections for internal use don't work
179 0
Using API to get WAN ipv4 address
547 0
Traffic From Wan\LAN to LAN
284 0
Create rules equal to existing ones, the router recognizes them as a default rule Possible bug?
264 0
ER605, WAN to LAN communication, Wireguard
172 0
"detected WAN Ping attack from xxx.xxx.xxx.xxx"
3758 2
About Us
Press
Copyright © TP-LINK CORPORATION PTE. LTD. All rights reserved.