I am new here and new to Peplink. Looking into router security led me to purchase the Surf SOHO, and I used Michael Horowitz’s “Surf SOHO Initial Configuration” webpage as a guide to set it up.
There is one option that has me confused and I hope someone can help me out. In the SSID Settings there is a “Firewall Mode” option of Disable, Flexible, and Lockdown. Not sure what this setting is for. It seems to imply that one can disable firewall function to a specific SSID? I am not sure why anyone would want to do that, so I don’t think I understand this setting.
Can someone explain Firewall Mode and recommend a secure setting for this option?
Hi and welcome to the forum!
Can’t say I’m immediately sure of where you’re seeing that option, and I don’t have a SOHO to hand. Could you screenshot that page and paste it here, please?
It is a firewall for wireless clients. Below is the explanation:
Disable - Firewall disabled. This is the default setting.
Flexible - Allow all except… - Block specific wireless clients. The rest are allowed.
Lockdown - Block all except… - Allow specific wireless clients. The rest are blocked.
If I understand correctly, all clients connected to a specific SSID can be limited to [or blocked from] using certain ports, IP addresses, MAC addresses, or domain names.
So an application for this could be limiting clients in a specific SSID to use only LAN resources and deny internet access?
@MartinLangmaid, below is the functionality of the firewall at Advanced > Access Rules:
Outbound firewall = LAN/VLAN —Allow/Block—> WAN
Inbound firewall = WAN —Allow/Block—> LAN/VLAN
Internal firewall = LAN/VLAN/SpeedFusion networks —Allow/Block—> LAN/VLAN/SpeedFusion networks
Local Service Firewall = WAN —Allow/Block—> Peplink/Pepwave Device
As for the firewall in the SSID settings, it restricts the wireless clients that connect to the SSID by port, IP network, MAC address, and domain name. For example, if you restrict TCP 8888, any connection with TCP 8888 from the wireless client will be blocked.
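The difference between the three modes described above comes down to what happens to traffic that matches no rule. The following is an added example, not part of any post in this thread and not Peplink's implementation: a conceptual model in Python. The `Conn` fields, the rule tuples, the choice to match rules against the destination of client-initiated connections, and all addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Conn:
    """One connection opened by a wireless client (hypothetical model)."""
    client_mac: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"
    dst_domain: str = ""

def rule_matches(rule, conn):
    """A rule is a (kind, value) pair using the four rule types named in the thread."""
    kind, value = rule
    if kind == "port":            # e.g. "tcp/8888"
        return f"{conn.proto}/{conn.dst_port}" == value
    if kind == "ip_network":      # e.g. "192.168.50.0/24"
        return ip_address(conn.dst_ip) in ip_network(value)
    if kind == "mac":
        return conn.client_mac.lower() == value.lower()
    if kind == "domain":          # assumed: exact name or any subdomain
        d = conn.dst_domain.lower()
        return d == value or d.endswith("." + value)
    raise ValueError(f"unknown rule type: {kind}")

def ssid_firewall_allows(mode, rules, conn):
    """Return True if the connection passes the per-SSID firewall model."""
    hit = any(rule_matches(r, conn) for r in rules)
    if mode == "disable":         # default: nothing is filtered
        return True
    if mode == "flexible":        # allow all except what a rule matches
        return not hit
    if mode == "lockdown":        # block all except what a rule matches
        return hit
    raise ValueError(f"unknown mode: {mode}")

# Constructed sample traffic from one wireless client.
MAC = "aa:bb:cc:00:11:22"
LAN_SHARE = Conn(MAC, "192.168.50.10", 445)
WEB = Conn(MAC, "203.0.113.7", 443, dst_domain="www.example.com")
ALT_PORT = Conn(MAC, "203.0.113.7", 8888)

if __name__ == "__main__":
    for c in (LAN_SHARE, WEB, ALT_PORT):
        print(c.dst_ip, c.dst_port,
              "flexible:", ssid_firewall_allows("flexible", [("port", "tcp/8888")], c),
              "lockdown:", ssid_firewall_allows("lockdown", [("ip_network", "192.168.50.0/24")], c))
```

An empty rule list shows the modes at their extremes in this model: Flexible passes everything and Lockdown passes nothing.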
I went to kick the tires on this new feature and found a bug.
Firmware 8.0.2 Build 3612 on a Surf SOHO HW2
The WiFi is disabled but one SSID is defined.
I edit that SSID and set the Firewall settings to Allow all except.
I create a couple rules and Apply Changes.
The rules are gone. The firewall mode is back to being disabled.
No doubt this has something to do with the WiFi being disabled system wide. Still, the Apply Changes button did not apply the changes. The Event Log says that changes were applied.
Looks like you may have asked the same question on two threads. @MartinLangmaid gave you a great answer via the other one. Will those solutions not work for you? What you want to do is very reasonable and many of us do it frequently.
(Sorry if cross-posting was discouraged.) I’m trying to understand how the Firewall Settings on the SSID screen work. If I selected “Lockdown - Block all except…” and then created a rule and selected “IP Network” and put in the IP address and mask of my local network, would that prevent any device connecting to the SSID in question from:
sending traffic to any IP address except an IP address in my local network,
receiving traffic from any IP address except an IP address in my local network,