Internal Firewall Rules Not Working


#1

Configuration Goal: Ensure that “staff” network has access to other VLAN’s, but not “Executive VLAN”. Exec VLAN needs access to all.

Issue: Internal firewall rule from staff to executive network not preventing “ping” between networks.

Product/Software Info:

VLAN Config:

Staff VLAN: Tag = 40 Network = 192.168.40.0/24

Executive VLAN: Tag = 60 Network = 192.168.60.0/24

Internal Firewall Rule:

Protocol: Any
Source: Network 192.168.40.0/24
Destination: Network 192.168.60.0/24
Action: Deny

Test Iterations:

  • Tried denying from .40 to any network. Result: 100% ping success.
  • Tried different protocols. Result: 100% ping success
  • Tried IP address specific ping. Result: 100% ping success

What am I missing?


#2

Can you please share your internal firewall rules screenshot here ? Beside that, may i know which IP address you are pinging ? You test the firewall rules by pinging to the VLAN interface IP for Balance One ?


#3

Thank you for the quick response. See below:

image cid:image001.png@01D4D85E.D9D075F0


#4

@valltech

Internal Firewall Rules can’t block the traffics destination to the Balance One Interface IP. You need to test the firewall rules by pinging to the devices that connected to VLAN 60.

Can you test on it again ? You can enable firewall logging for the firewall rules and this should give you the related logging at the event logs page:


#5

hello

mine works without any issue you need to block by the default and allow specific rules what ever you want.

toilet


#6

I would block both VLANs from being able to access the router interface with

System ==> Admin Security ==> Allowed LAN Networks ==> Allow this network only

Then set it to the private network (untagged lan)


#7

Thanks guys!