Balance 305 Firewall Access Rules

Carsten_Pedersen · February 24, 2023, 10:09am

Hi

I am new to Peplink universe, i got the basic right, but struggling getting access rules to work…

My setup:
Balance 305 at the HQ <-----> Balance 305 at remote location.

I want to make sure some traffic from remote location will be blocked when trying to connect to HQ.

Ex:
HQ Server1 = 192.168.1.2

Remote Client = 192.168.10.20

So what im trying to do here:

On 305 in Remote location.
Network - Firewall - Access Rules
Create new Outbound Firewall Rule

Protocol = Any
Source IP = 192.168.10.20
Destination = 192.168.1.2
Action = Deny
Event logging = Enabled

Save and Apply Changes.

With that rule i would expect trafic to be blocked now…

But its not…
What am i doing wrong?

Thanks

dennis.hofheinz · February 24, 2023, 10:16am

Hi Carsten,
if you are using a SpeedFusion VPN, then you have to use the internal Firewall roule.

Carsten_Pedersen · February 24, 2023, 10:21am

Hi Dennis

From what i can see i dont use Speedfusion vpn.
But just to try it out i created the same rule under inbound, and it made no changes. My trafic is still coming through.

/ Carsten

dennis.hofheinz · February 24, 2023, 11:19am

Then I would create an Any to Any Allow Roule, to create an entry in the FIrewall Logs

If you are use 2 internal IP-Adressen you have a VPN between HQ and Remote Client, if not, you will not see the internal IP Address, only an external IP

MarceloBarros · February 24, 2023, 12:51pm

Hello.
I believe the TCP/IP addresses he used are just to exemplify the environment.
Just resuming…
HQ-305: 192.168.1.2
REMOTE: 192.168.10.20
So… DENY traffic between these devices.
Doing this rule at HQ-305. Running at INCOMING rule. From WAN of 305 to LAN inside of 305.

Carsten_Pedersen · February 27, 2023, 2:32pm

Thanks for all replys @MarceloBarros and @dennis.hofheinz

It was the internal access rules i needed to use. I just need to flip them. Have made them the other way around
I found out when i created a permit any any with log enabled.

So im not able to create rules now…
Then i just need to figure out if i really want to create 200+ rules on a peplink, or i want to route the traffic to a real firewall where i might only need 25 rules for the same job.

Thanks again

dennis.hofheinz · February 27, 2023, 2:37pm

Hi Carsten,

sometimes it’s easier to use InControl2 for the Firewall-Roules.

I think Peplink Routers are great routers with integrated Firewall, but it is a router…
A Firewall has also a routing engine, but it is a Firewall…
So for easy jobs you can use the integrated Firewall, if not, use a device that is build for that reason

BR
Dennis

Carsten_Pedersen · February 27, 2023, 2:42pm

I agree @dennis.hofheinz

I think that will be my conclusion as well… It was not ment to be a firewall with access list, beside a few rules where any can be used.

/ Carsten