Firewall access rules

I need to restrict access to a block of computers. They can only access an approved list of IP addresses. In other firewalls I’d create a “group” for these computers and a “group” for the allowed external IP addresses, then allow the computer group to only access the external IP address group.

How can I do this in a Balance One with firmware 7.0.0 build 2742?

You can create a firewall rule and specify a network, i.e. 192.168.1.1/26, to group IP addresses together and create allow or deny rules.

2 Likes

Rule 1, Protocol TCP, Source 192.168.1.100/26, Destination IP/Subnet, allow means the machines in the internal IP range of 192.168.1.100/26 can ONLY access the destination(s), correct?
These machines can only access the IP addresses in the destinations of each rule.

I have about 17 destination ranges to add so I’d like to confirm before I lock everyone out.

You are correct. If you want to control the access, you’ll also want to change your default internal firewall rule to deny.

1 Like
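A way to dry-run the rule set discussed above before applying it, as an added example that is not part of the original thread. It assumes top-down, first-match rule evaluation (an assumption about the device, not taken from its documentation), ignores the protocol field, and uses constructed documentation-range destinations as placeholders for the real list.

```python
import ipaddress

# Constructed sample policy: the source block from the thread plus two
# placeholder destination ranges (documentation addresses, not from the thread).
SOURCE = "192.168.1.100/26"
ALLOWED_DESTINATIONS = ["203.0.113.0/24", "198.51.100.16/28"]

def normalize(cidr):
    """Return the network a CIDR entry really covers, host bits cleared."""
    return ipaddress.ip_network(cidr, strict=False)

def build_rules(source, destinations, default="deny"):
    """One allow rule per destination, evaluated top-down, then the default."""
    src = normalize(source)
    rules = [(src, normalize(d), "allow") for d in destinations]
    return rules, default

def evaluate(rules, default, src_ip, dst_ip):
    """First matching rule wins (assumed); unmatched traffic gets the default."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return default

def overlaps(destinations):
    """Pairs of destination entries that overlap (worth checking with 17 ranges)."""
    nets = [normalize(d) for d in destinations]
    return [(str(a), str(b)) for i, a in enumerate(nets)
            for b in nets[i + 1:] if a.overlaps(b)]

if __name__ == "__main__":
    rules, default = build_rules(SOURCE, ALLOWED_DESTINATIONS)
    net = normalize(SOURCE)
    # Shows which hosts the /26 entry actually matches.
    print(f"{SOURCE} covers {net} ({net[0]} - {net[-1]})")
    for src, dst in [("192.168.1.100", "203.0.113.9"),   # restricted host, approved
                     ("192.168.1.100", "192.0.2.50"),    # restricted host, unapproved
                     ("192.168.1.130", "203.0.113.9")]:  # host outside the /26
        print(src, "->", dst, evaluate(rules, default, src, dst))
    # Same unapproved flow with the default left at allow: the restriction is lost.
    print(evaluate(rules, "allow", "192.168.1.100", "192.0.2.50"))
```

In this model a host outside the source block (192.168.1.130) is also denied once the default is deny, so machines that should stay unrestricted need their own allow rule before the default is changed.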

Hello @MikeC,
Have you considered creating a separate VLAN to place these machines/computers into?
We find VLANs a lot easier to manage once set up. It also allows you the flexibility of having those machines run on DHCP, and if you need to add or remove machines, you do not necessarily have to change the programming of the router. There are several guides on VLANs here in the forum if you are interested. Creating VLANs using Peplink’s InControl2 is one of the best and easiest we work with in the industry. You don’t need a Networking Degree to set them up if you work with the information available here.

Here is a guide to setting up VLANs using InControl2 for printer isolation; the principles can also be taken further for network isolation and IoT segregation.

You also may find it beneficial to have a look at this previous forum thread. It highlights six different threads on setting up VLANs; most of it is to do with InControl2, though there is some good information there.

You can also do this search within the forum “how to setup VLAN”.

Happy to Help,
Marcus 🙂