I was wondering if you guys could help me out on a little VLAN problem.
I set up VLANS on the UTM for the first time tonight. The config looks something like this:
ETH0 = WAN
ETH 1 = VLAN 10 (192.168.1.0 /24) and VLAN 20 (192.168.2.0 /24).
ETH 1 is connected to the switch on a Trunk port carrying 5U, 10T and 20T.
I have an AP50 running (on VLAN 10 for a connection to the UTM) as well. The AP50 (set to VLAN 10 in config) is plugged into another Trunk port on the switch that allows 5U, 10T and 20T to be carried on it. I am running a wireless network on the AP50 that puts clients onto VLAN 20.
Client 1 is connected to an Access port on the switch configured to VLAN 10 (untagged).
What I find interesting is that clients on VLAN 10 can access port 80 (and 8080?) of clients on VLAN 20 (in this case, IP cameras). However, software that connects to the RTSP port from VLAN 10 to VLAN 20 can't connect without a firewall rule.
I even tried creating a firewall rule to reject traffic from VLAN 10 to VLAN 20 on the UTM and it still passes through.
Is this a byproduct of webfiltering? Does it somehow trump firewall rules? I am very confused as to why two different subnets/VLANs can connect from one to the other on port 80.
I am relatively new to VLANs and maybe this is just a comprehension error on how they should behave.
This thread was automatically locked due to age.
