Omada Cloud Inbound ACL setup
I'm trying to secure my network and I'd like to do a couple of things:
1. Limit inbound traffic at the gateway to ONLY Omada Cloud and my OpenVPN client
I know there is a list of ports that Omada uses, but that list is what it uses inside the network (switch-level ACL, I believe), and I just want to allow the necessary ports for the cloud controller and mobile app to work (Gateway ACL from WAN => LAN IN?), not every single port Omada uses (like discovery). OpenVPN is a known port, so that is easy (default). I just need to know the minimum requirements for cloud/app communication and OpenVPN inbound to my network, and block everything else.
2. Limit users to only being able to use the gateway as the DNS server, as I employ a DNS filter system and want to prevent them from setting their own DNS records (e.g. 8.8.8.8). It would be great if I could set it up so that if they make a port 53 request to an IP different from the gateway, it also redirected that to the gateway for the answer. This would prevent anything from breaking for a user with a custom DNS server but still force my DNS filtering to work.
I have watched a few videos on ACLs, but rarely does anyone deal with WAN-to-LAN ACLs (gateway); it's all about preventing LAN/VLAN interactions.
Thanks for any input!
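As an added illustration, not part of the post above and not an Omada configuration, here is what the two requirements look like as an nftables ruleset on a generic Linux gateway: a WAN input chain whose default policy drops everything except the OpenVPN port, and a NAT rule that redirects any LAN DNS query addressed to a foreign resolver to the gateway's own resolver. The interface names (`eth0`, `br-lan`), the LAN subnet `192.168.1.0/24`, the gateway address `192.168.1.1` and UDP 1194 for OpenVPN are assumptions for the example; the Omada ports the post asks about are not listed here, because the post does not give them.

```nft
#!/usr/sbin/nft -f
# Example only (not from the post). Assumed layout:
#   eth0    = WAN interface
#   br-lan  = LAN bridge, gateway address 192.168.1.1/24
#   OpenVPN = UDP 1194 on the gateway itself
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # LAN clients may talk to the gateway's own services (DNS, OpenVPN, UI).
        # Redirected port-53 queries (see the nat table) also arrive here.
        iifname "br-lan" accept

        # WAN: the only inbound service is OpenVPN; the drop policy covers the rest.
        iifname "eth0" udp dport 1194 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # LAN -> Internet only; nothing is forwarded in from the WAN side.
        iifname "br-lan" oifname "eth0" accept
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat;
        # Any LAN DNS query not already aimed at the gateway is redirected to
        # the gateway's address on the receiving interface, so a client set to
        # 8.8.8.8 still gets an answer, but from the filtering resolver.
        iifname "br-lan" ip daddr != 192.168.1.1 udp dport 53 redirect
        iifname "br-lan" ip daddr != 192.168.1.1 tcp dport 53 redirect
    }

    chain postrouting {
        type nat hook postrouting priority srcnat;
        oifname "eth0" masquerade
    }
}
```

Load it with `nft -f <file>` and check the counters with `nft list ruleset`. Two caveats a practitioner would want: the redirect only catches plain DNS on port 53, so clients using DNS over HTTPS (443) or DNS over TLS (853) bypass the filter unless those are blocked separately, and the gateway's resolver must accept queries for names it did not expect, since the redirected packets arrive addressed to it.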