Limit WAN access per Group

I would like to create a group of student users and allow only WAN access to members of that group.

I do not want them accessing the internal LAN and devices on it.

Can this be done on an XG230?

Many thanks in advance


This thread was automatically locked due to age.
  • Hello 

     

    Are your students and your LAN resources on the same IP network? If yes, then you will have to look at an L2 switch which supports ACLs, or deploy the XG in bridge mode between your users and the LAN resources.

     

    If no, then deploy XG in gateway mode and you can control traffic through any XG model.

     

    Regards, Ronak.

  • Apologies Ronak, I wasn't clear in my question.

     

    The students will be using wireless, on a separate subnet/VLAN, and authorised by captive portal.

     

    How do I create a policy for the student group for all their traffic to go straight out through the WAN?

     

    Many thanks again.

  • Hi  

    If your LAN resources and wireless users are in different subnets/vLANs, then you can just create a simple firewall rule.

     

    Example:

    LAN IP: 192.168.10.X/24 with vLAN ID 10 Zone: LAN

    WiFi IP: 192.168.20.X/24 with vLAN ID 20 Zone: LAN

     

    Create a firewall rule as follows.

     

    Source Zone: LAN

    Source Network: 192.168.20.0/24

    Destination Zone: WAN

    Destination Network: Any

    Service: Any

    Match Known User: Enable

    Show Captive Portal: Enable

    Rewrite Source Address: Enable

     

    This rule will only allow WiFi traffic to go to the internet. Traffic between the WiFi and the LAN will be blocked by the implicit deny rule.

     

    Regards, Ronak.
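The rule from the reply above can be sanity-checked with a small model of first-match evaluation with an implicit deny. This is an added example, not code from the thread or from Sophos; the matching logic is a simplified assumption, and the host addresses, rule names and the widened "Any" rule are constructed for illustration.

```python
# Simplified model of zone-based, first-match firewall evaluation (an assumption,
# not Sophos XG's actual engine). Subnets and zones follow the example above.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ZONES = {"LAN": [ip_network("192.168.10.0/24"), ip_network("192.168.20.0/24")]}

def zone_of(ip):
    """Return the zone owning an address; anything not internal is WAN."""
    addr = ip_address(ip)
    for zone, nets in ZONES.items():
        if any(addr in n for n in nets):
            return zone
    return "WAN"

@dataclass
class Rule:
    name: str                # hypothetical label, for reporting only
    src_zone: str
    src_net: str
    dst_zone: str            # "Any" matches every zone
    dst_net: str = "0.0.0.0/0"
    match_known_user: bool = False

    def matches(self, src, dst, authenticated):
        return (zone_of(src) == self.src_zone
                and ip_address(src) in ip_network(self.src_net)
                and self.dst_zone in ("Any", zone_of(dst))
                and ip_address(dst) in ip_network(self.dst_net)
                and (authenticated or not self.match_known_user))

def evaluate(rules, src, dst, authenticated=True):
    """First matching rule allows the flow; no match means implicit deny."""
    for rule in rules:
        if rule.matches(src, dst, authenticated):
            return f"ALLOW ({rule.name})"
    return "DENY (implicit)"

# The rule from the reply: WiFi subnet to WAN only, known users only.
STUDENT_RULES = [Rule("wifi-to-wan", "LAN", "192.168.20.0/24", "WAN",
                      match_known_user=True)]
# Constructed misconfiguration for contrast: destination zone widened to Any.
BROAD_RULES = [Rule("wifi-to-any", "LAN", "192.168.20.0/24", "Any",
                    match_known_user=True)]

if __name__ == "__main__":
    student, lan_host, internet = "192.168.20.50", "192.168.10.5", "203.0.113.10"
    for label, rules in (("reply", STUDENT_RULES), ("broad", BROAD_RULES)):
        print(label, "-> WAN:", evaluate(rules, student, internet))
        print(label, "-> LAN:", evaluate(rules, student, lan_host))
```

Running the same student-to-LAN check against an exported or transcribed rule list shows whether any rule placed above the implicit deny reopens the path to 192.168.10.0/24.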
