
2 questions on rules setup and optimizing vlan rules

Evening all..

So I have been working on my XG firewall skills (v18) and decided the best way to learn is to wipe out the defaults and start from scratch..

So far so good.. But I do have a question on rules setup regarding source in the rule

When I set up SOURCE to be LAN, #PORT1.10 (vlan example), any and do the same for two other vlans, I can ping interfaces and nothing else.  But when I go to "Hosts and Services" and "IP host" and then proceed to add the IP network (call it 172.1.100.0/24) of #PORT1.10, then change the rules to reflect that (being LAN, IPnetwork, any), everything works like a charm.

I am wondering WHY the #PORT does not work, but the IP NETWORK does?

 

Also, I have a VLAN internal group that opens each Vlan up to each other with block rules up top, but I don't think that would be the most efficient way to do that.  My guess is that it might be better to have the block rules up top with a LAN,ANY,ANY and LAN,ANY,ANY rule at the bottom, as opening each vlan individually to do the same thing is just overcomplicating.. Thoughts?

 

Thank you



  • Picture of my new vlan setup.. look good so far?

  • #Port is an object which is only to be used if you are "talking to an Interface". This object dynamically reflects your current Interface IP.

    As you do not ping the interface but rather the Network behind it, #Port will not match. The Zone concept reflects this network behind the Interface. If you have a Zone, for example LAN, a firewall rule with destination LAN will allow all traffic to this interface network.

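To make both points in the thread concrete, here is a small first-match rule simulator (an added illustration, not XG's own code or configuration). It assumes a constructed addressing plan: the #PORT1.10 object resolves to the interface's own IP 172.1.100.1 while the IP host object covers 172.1.100.0/24, a second VLAN on 172.1.200.0/24, and an implicit drop when no rule matches.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing (assumption): a #PORT object resolves to the
# interface's own address, an IP host object to the whole subnet.
INTERFACES = {"#PORT1.10": "172.1.100.1", "#PORT1.20": "172.1.200.1"}
NETWORKS = {"VLAN10_NET": "172.1.100.0/24", "VLAN20_NET": "172.1.200.0/24"}


def matches(obj: str, ip: str) -> bool:
    """True if a rule object covers the given IP address."""
    if obj == "ANY":
        return True
    if obj in INTERFACES:  # #PORT objects are effectively a /32 of the interface IP
        return ipaddress.ip_address(ip) == ipaddress.ip_address(INTERFACES[obj])
    return ipaddress.ip_address(ip) in ipaddress.ip_network(NETWORKS[obj])


@dataclass
class Rule:
    action: str  # "accept" or "drop"
    src: str
    dst: str


def evaluate(rules: list, src_ip: str, dst_ip: str) -> str:
    """Walk the rule table top-down; first match wins, otherwise drop."""
    for rule in rules:
        if matches(rule.src, src_ip) and matches(rule.dst, dst_ip):
            return rule.action
    return "drop"  # nothing matched: the firewall's implicit deny


# Question 1: source = #PORT1.10 versus source = the VLAN's IP host object.
BY_PORT = [Rule("accept", "#PORT1.10", "ANY")]
BY_NET = [Rule("accept", "VLAN10_NET", "ANY")]

# Question 2: inter-VLAN block rules up top, one broad allow at the bottom.
CONSOLIDATED = [
    Rule("drop", "VLAN10_NET", "VLAN20_NET"),
    Rule("drop", "VLAN20_NET", "VLAN10_NET"),
    Rule("accept", "ANY", "ANY"),
]
# Same rules in the wrong order: the allow shadows the blocks entirely.
SHADOWED = [CONSOLIDATED[2], CONSOLIDATED[0], CONSOLIDATED[1]]

if __name__ == "__main__":
    host, internet = "172.1.100.25", "198.51.100.10"
    print("#PORT source:", evaluate(BY_PORT, host, internet))      # drop
    print("network source:", evaluate(BY_NET, host, internet))     # accept
    print("VLAN10->VLAN20:", evaluate(CONSOLIDATED, host, "172.1.200.25"))  # drop
    print("shadowed blocks:", evaluate(SHADOWED, host, "172.1.200.25"))     # accept
```

The only packet a #PORT1.10 source ever matches is one sent from the interface address itself, which is why the host object works and the #PORT object does not; the second table also shows why the block rules must sit above the LAN,ANY,ANY allow.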