Need Help with Access Control Rule: Allow Group of IPs Too Access Internet but Not LAN Systems
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Hello,
I have a TL-R600VPN and I'm trying to configure an access control rule to allow a set of systems (192.168.1.5-1.92.168.1.10) to only be able to access the internet. This is essentially the equivalent of a Guest subnet.
I want to disallow everything on the LAN for those systems (ICMP, http, https, VNC, etc.).
I've been able to block ICMP in this fashion through testing, but when I try using the ALL protocol the same way, it doesn't work. VNC still works, for example.
The most obvious config for the ACL seemed to be:
Policy = block
Service Type = All
Interface = all
Source = <range listed above>
Destination = IPGROUP_LAN
Effective time = any
I have no other rules in place, so there is no concern with the ID (placing above or below another rule).
Can anyone tell me what I'm missing? Thanks!
