IPV4 Firewall Lan to Wan rule blocks internal communication with DVR

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

IPV4 Firewall Lan to Wan rule blocks internal communication with DVR

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
IPV4 Firewall Lan to Wan rule blocks internal communication with DVR
IPV4 Firewall Lan to Wan rule blocks internal communication with DVR
2023-12-02 01:32:38 - last edited 2023-12-08 05:46:37
Tags: #ACL
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.0.0 Build 20220106 Rel.56391

I have a surveillance DVR on my LAN.  It is managed, and recordings viewed, with software from a PC.  Both are on VLAN1 (192.168.1.0/24).  Both have fixed ip addresses within that range.  As a security measure I want to prevent the DVR from communicating with the internet.  Offsite access is not required.  I've set up a firewall rule which blocks traffic from the DVR IP, which is source configured as "Cobra_DVR" IP group. See below. The rule direction is LAN->WAN, and WAN IN.

 

The problem: This rule prevents the software on the PC from communicating with the DVR.  If I remove the LAN->WAN direction, leaving only WAN IN, the problem goes away.  Since both devices are on the same VLAN, why is this happening?  Is there a way to correct it?

 

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:IPV4 Firewall Lan to Wan rule blocks internal communication with DVR-Solution
2023-12-04 01:03:17 - last edited 2023-12-08 05:46:37

Hi @MacFast 

Thanks for posting in our business forum.

1. Understand how ACL works and refer to the example in the guide. ER605(UN)_V2_User Guide

Of course you unselect the LAN > LAN and it works. WAN IN means incoming traffic from the WAN. The literal meaning of it.

 

2. As a supplementary reference to your setup. How to implement unidirectional VLAN access through ACL configuration on the Omada Gateway in Controller mode

You should choose your direction according to your desired way.

LC34: Full TP Link Omada Configuration Set Up ER605 ER7206 ER8411 Home, IoT, Camera, Guest,ACL,mDNS

 

3. To address the issue that they are in the same LAN, create an IP group in the Preferences. In the source and destination section, set the IP group you created.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#2
Options
1 Reply
Re:IPV4 Firewall Lan to Wan rule blocks internal communication with DVR-Solution
2023-12-04 01:03:17 - last edited 2023-12-08 05:46:37

Hi @MacFast 

Thanks for posting in our business forum.

1. Understand how ACL works and refer to the example in the guide. ER605(UN)_V2_User Guide

Of course you unselect the LAN > LAN and it works. WAN IN means incoming traffic from the WAN. The literal meaning of it.

 

2. As a supplementary reference to your setup. How to implement unidirectional VLAN access through ACL configuration on the Omada Gateway in Controller mode

You should choose your direction according to your desired way.

LC34: Full TP Link Omada Configuration Set Up ER605 ER7206 ER8411 Home, IoT, Camera, Guest,ACL,mDNS

 

3. To address the issue that they are in the same LAN, create an IP group in the Preferences. In the source and destination section, set the IP group you created.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#2
Options

Information

Helpful: 0

Views: 520

Replies: 1

Tags

Related Articles