Configuration Goal: Ensure that “staff” network has access to other VLAN’s, but not “Executive VLAN”. Exec VLAN needs access to all.
Issue: Internal firewall rule from staff to executive network not preventing “ping” between networks.
Product/Software Info:
- Balance One
- 7.1.2 build 4094
VLAN Config:
Staff VLAN: Tag = 40 Network = 192.168.40.0/24
Executive VLAN: Tag = 60 Network = 192.168.60.0/24
Internal Firewall Rule:
Protocol: Any
Source: Network 192.168.40.0/24
Destination: Network 192.168.60.0/24
Action: Deny
Test Iterations:
- Tried denying from .40 to any network. Result: 100% ping success.
- Tried different protocols. Result: 100% ping success
- Tried IP address specific ping. Result: 100% ping success
What am I missing?
Can you please share your internal firewall rules screenshot here ? Beside that, may i know which IP address you are pinging ? You test the firewall rules by pinging to the VLAN interface IP for Balance One ?
1 Like
Thank you for the quick response. See below:
cid:[email protected]
@valltech
Internal Firewall Rules can’t block the traffics destination to the Balance One Interface IP. You need to test the firewall rules by pinging to the devices that connected to VLAN 60.
Can you test on it again ? You can enable firewall logging for the firewall rules and this should give you the related logging at the event logs page:
1 Like
hello
mine works without any issue you need to block by the default and allow specific rules what ever you want.
toilet
I would block both VLANs from being able to access the router interface with
System ==> Admin Security ==> Allowed LAN Networks ==> Allow this network only
Then set it to the private network (untagged lan)
1 Like
