So I've been running the Astaro for a while now, and when setting it up, I had the belief that configuring a client switch and a server switch attached to different NICs on the UTM would essentially create the equivalent of two VLANs for which I could set specific firewall rules.
However, this past weekend, I tried to implement some of the rules I wanted in place, and it seemed to be going swimmingly. But then I tried to access services that weren't supposed to be allowed through the firewall. For example, I made allowances for our webserver, our mail server, our file server, our domain controllers, and remote access. Then I attempted to connect to our database server, which had no firewall rules in place, and I was able to connect.
I went through rule by rule, including automatic rules, and I can't find anything that links the two interfaces together.
The only rule I suspect is one that allows:
Source: Internal, Servers
Service: Any
Destination: Any
It's intended to grant outbound access to the internet to both interfaces, but could that be integrating the two networks as a single local network, even though they have different subnets (192.168.2.0/24 and 192.168.0.0/24 respectively)?
If not, any ideas why my rules (or lack thereof) aren't being enforced?
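A small simulation of the rule matching described in the post, added here as an illustration and not taken from the thread or from Sophos/Astaro code. It assumes the UTM evaluates firewall rules top-down with first match winning and an implicit drop at the end, which is how Astaro/Sophos UTM documents its packet filter; the rule names, the per-service allow rules and the service names (HTTP, SMTP, SMB, MSSQL) are constructed for the example, and the Internet address used is from the documentation range. It shows why a rule with Source: Internal, Servers and Destination: Any also matches traffic from the 192.168.2.0/24 subnet to the 192.168.0.0/24 subnet, and two ways to scope it.

```python
"""Simulate first-match firewall rule evaluation to see why a broad
outbound rule (Destination: Any) also permits traffic between two local
subnets. Added example; not code from the original thread."""
import ipaddress
from dataclasses import dataclass

# Constructed network objects using the two subnets named in the post.
NETWORKS = {
    "Internal": ipaddress.ip_network("192.168.2.0/24"),
    "Servers": ipaddress.ip_network("192.168.0.0/24"),
}


@dataclass
class Rule:
    name: str
    sources: tuple       # network names or "Any"
    destinations: tuple  # network names, "Any", or "Internet" (not local)
    services: tuple      # service names or "Any"
    action: str          # "allow" or "drop"


def ip_matches(selectors, ip):
    """True if the address matches any selector in the rule field."""
    ip = ipaddress.ip_address(ip)
    is_local = any(ip in net for net in NETWORKS.values())
    for sel in selectors:
        if sel == "Any":
            return True
        if sel == "Internet":
            # Assumption for this example: "Internet" means any address
            # that is not inside one of the defined local networks.
            if not is_local:
                return True
        elif ip in NETWORKS[sel]:
            return True
    return False


def service_matches(selectors, service):
    return "Any" in selectors or service in selectors


def evaluate(rules, src, dst, service):
    """Return (action, rule_name). Assumption: rules are checked top-down,
    the first match wins, and unmatched traffic hits an implicit drop."""
    for rule in rules:
        if (ip_matches(rule.sources, src)
                and ip_matches(rule.destinations, dst)
                and service_matches(rule.services, service)):
            return rule.action, rule.name
    return "drop", "implicit default drop"


# Rule set as described in the post: per-service allows, then the broad
# outbound rule with Source: Internal, Servers / Service: Any / Destination: Any.
AS_POSTED = [
    Rule("web", ("Internal",), ("Servers",), ("HTTP",), "allow"),
    Rule("mail", ("Internal",), ("Servers",), ("SMTP",), "allow"),
    Rule("files", ("Internal",), ("Servers",), ("SMB",), "allow"),
    Rule("outbound", ("Internal", "Servers"), ("Any",), ("Any",), "allow"),
]

# Fix 1: scope the outbound rule to non-local destinations only.
SCOPED = AS_POSTED[:-1] + [
    Rule("outbound", ("Internal", "Servers"), ("Internet",), ("Any",), "allow"),
]

# Fix 2: keep Destination: Any but place an explicit local-to-local drop
# above it, so the broad rule is never reached for cross-subnet traffic.
WITH_DROP = AS_POSTED[:-1] + [
    Rule("block-cross-subnet", ("Internal", "Servers"),
         ("Internal", "Servers"), ("Any",), "drop"),
    AS_POSTED[-1],
]

if __name__ == "__main__":
    # Constructed flows: a client reaching the database server (no rule
    # for MSSQL), the web server (HTTP rule), and an Internet host.
    for label, rules in (("as posted", AS_POSTED),
                         ("scoped", SCOPED),
                         ("with drop", WITH_DROP)):
        print(label, "MSSQL to server :",
              evaluate(rules, "192.168.2.10", "192.168.0.50", "MSSQL"))
        print(label, "HTTP to server  :",
              evaluate(rules, "192.168.2.10", "192.168.0.50", "HTTP"))
        print(label, "HTTP to Internet:",
              evaluate(rules, "192.168.2.10", "203.0.113.5", "HTTP"))
```

With the rules as posted, the database connection is allowed by the "outbound" rule, because Destination: Any covers 192.168.0.0/24 just as much as it covers the Internet; there is no separate "link" between the interfaces to find. Either narrowing the destination or inserting a drop rule above the broad allow restores the intended per-service policy, and the UTM's live log (filtered on the destination address) will show which rule actually matched a given flow.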