Internal Firewall Rule Necessary?

Surf SOHO: I have set up an Internal firewall rule (Advanced - Access Rules) to block each of my VLANs from accessing the main LAN; the main LAN has admin access to the router. I’m fine with this approach, but I wonder why it’s necessary.

Under the System tab in Admin Security “Allowed LAN Networks” I have selected the main LAN only, presumably excluding the VLANs. Under the Network tab - Network Settings I have also unchecked (disabled) Inter-VLAN routing.

Shouldn’t one of those two main actions be all that’s necessary?

Thanks.

There are 3 features mentioned. Those features are standalone features and should not be related together, else it will cause confusion between the features. You just need to turn on the features based on your use cases.

  1. Internal Firewall
  • Blocks inter-VLAN traffic.
  • Cannot be used to block WebAdmin traffic.
  2. System → LAN Connection Access Settings → Allowed LAN Networks
  • Used to control which network/VLAN can access WebAdmin. The user is allowed to define which LAN/VLAN can access the WebAdmin page.
  3. Inter-VLAN routing
  • Disables Inter-VLAN routing for the created VLANs.
  • Cannot limit clients in the same VLAN from accessing the Gateway IP (WebAdmin access is defined to allow all VLANs).

Hope the above explained your concerns :thinking::thinking::thinking:

It is good to learn that web admin is defined to allow all VLANs unless blocked by System → Security, and is not blocked by internal firewall rules. Thank you.

So, I think I understand - if I want (1) no inter-VLAN routing or (2) no VLANs to access the Admin page, I can accomplish that with buttons and I don’t need any Internal Firewalls at all. Is this true?

Thank you for your time. (Sorry - I do not know how to use the quote process.)

Yes, is the answer to your question.

Thanks, Michael.
