1
Votes

Change Default Open All

 
1
Votes

Change Default Open All

Change Default Open All
Change Default Open All
2024-05-31 15:13:08 - last edited 2024-06-03 02:04:58
Tags: #ACLs
Hardware Version: V2
Firmware Version: 5.13.30.8

Counter to my request;

As per the design, all VLANs are open all. I understand for a beginner user this is a great idea as they won't need to get knee-deep into ACLs.

 

My request;

Allow more advanced users or corporate users to switch from default-all allow to default-all reject, preferably at the site level?

If not are we able to get one at a VLAN level?

 

My reasoning;

With a limit of 32 ACLs I can create and my want to default reject all. I am using a significant amount of ACLs on just reject between my subnets. Further, this can make the ACLs messier and more complicated.

 

Within the community there is a lot of confusion over ACLs, even if we can have an isolation switch on the VLAN level it would reduce the amount of ACLs people are having to create. This will allow people to better and more clearly understand ACLs.

 

This also allows for better security overall.

 

Thank you :)

 

 

#1
Options
2 Reply
RE:Change Default Open All
2024-05-31 15:51:05
^
#2
Options
Re:Change Default Open All
2024-06-03 02:04:49

Hi @Genos76 

Thanks for posting in our business forum.

VLAN interfaces by default are open and accessible. Is there a problem with this mechanism? What vendors do you know that are not accessible by default?

Reasoning, this is all routed to the router so it is accessible by default level. If there is an option it will take up one entry in the GW ACL.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#3
Options

Information

Helpful: 1

Views: 351

Replies: 2

Voters 1

voter's avatar

Tags

ACLs