Meshing some clients while others only do Point-to-Point

Hi there. I have a Balance 710 with Route Isolation enabled. I have many clients connecting back to my 710 for connections to a central server.
I need some of my clients to have the option to connect to each other, and some that only need access to the central server. Keeping Route Isolation on keeps the network secure, but makes it so those clients that need to see each other can’t.

How can I make it so certain routers mesh together while other clients can only do point-to-point connections back to my central hub?

Example:
Balance 710 at Central hub.
Client A, B, C and D are all connected back to the 710 using Balance 20s.
Clients A, C and D need to be able to see each other on their networks as well as the Central Hub.
Client B only needs to access the Central hub.
How can I make Clients A, C and D see each other without enabling route isolation?

Good Afternoon
You can do this by disabling route isolation and then using internal firewall rules to allow and disallow access to the different subnets and servers.

e.g. the first rule would be allow all traffic to server xxx.xxx.xxx.xxx
Then you would create a rule allowing client A to access client B’s subnet (and the reverse)
Then set the default rule to block. If they are allowed to access another subnet, their rule should be above this one. Please see the attached screenshot.

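Added example, not part of the original thread and not Peplink configuration: a small model of the rule order described in the reply, applied to the A/B/C/D layout from the question, so the intended isolation can be checked before it is entered in the firewall. The subnets are constructed, and first-match, top-to-bottom evaluation of new connections is an assumption of the model.

```python
import ipaddress

# Constructed addressing (assumption; the thread gives no subnets).
SUBNETS = {
    "hub": "10.0.0.0/24",   # central server LAN behind the Balance 710
    "A": "10.1.1.0/24",
    "B": "10.1.2.0/24",
    "C": "10.1.3.0/24",
    "D": "10.1.4.0/24",
}
NETS = {name: ipaddress.ip_network(cidr) for name, cidr in SUBNETS.items()}
MESH = ["A", "C", "D"]      # sites that must reach each other
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_rules():
    """Ordered (action, src, dst) rules: specific allows first, default block last."""
    rules = [("allow", ANY, NETS["hub"])]            # everyone may reach the hub
    rules += [("allow", NETS[s], NETS[d])            # mesh pairs, both directions
              for s in MESH for d in MESH if s != d]
    rules.append(("deny", ANY, ANY))                 # default rule: block
    return rules


def evaluate(rules, src_ip, dst_ip):
    """Return the action of the first rule matching a new connection."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "deny"


def reachability(rules):
    """Map (src_site, dst_site) -> action, probing one host per subnet."""
    host = {name: str(net.network_address + 10) for name, net in NETS.items()}
    return {(s, d): evaluate(rules, host[s], host[d])
            for s in NETS for d in NETS if s != d}


if __name__ == "__main__":
    for (s, d), action in sorted(reachability(build_rules()).items()):
        print(f"{s:>3} -> {d:<3} {action}")
```

Moving the block rule above the allow rules in this model denies every pair, which is why the allow rules have to sit above the default.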