
Firewall for same subnet/Vlan clients

Hey guys,

I have a UTM 120 with three Vlans. 

10.10.10.0 - 255
10.11.11.0 - 255 
10.12.12.0 - 255

Each of them has several clients on it. While I'm able to successfully allow or drop WAN-to-LAN or LAN-to-WAN connections, I wasn't able to do the same for clients on the same subnet/LAN. For example: a is 10.11.11.15 and b is 10.11.11.16. I want all ports/connections between them blocked, and just have, let's say, port 5000 open between them. Could you please point me to the right way to do this? Thanks in advance for your time.


  • I think this is only possible via dedicated NICs on the UTM, or a NIC which is configured for VLANs (tags a/b/c), but then you have to change the subnet mask on the clients so they have to go through the gateway, so the filter can work.

    But maybe I'm wrong.
  • Hi, sspinos, and welcome to the User BB!

    I suspect that you are using the "Any" object in your firewall rules instead of the "Internet" object.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The way I read it, he wants to block traffic between hosts in the same VLAN. I think this is not possible without creating /30 networks for each host, as otherwise the traffic between two hosts in the same subnet (and VLAN) will not travel through the UTM.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and enjoying helping others with their IT security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
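    The routing logic behind the reply above, as an added example that is not part of the original thread or of Sophos UTM. It uses Python's standard ipaddress module to show why a /24 lets 10.11.11.15 reach 10.11.11.16 without the UTM ever seeing the packet (the destination is on-link, so the host ARPs for it directly), and how a per-host /30 readdressing plan forces every host-to-host packet through the gateway, where an ordinary UTM firewall rule (for example allowing only port 5000 between the two /30 networks) can then match. The gateway address 10.11.11.1 and the /30 allocation scheme (UTM takes the first usable address, host the second) are assumptions; the thread does not state them.

    ```python
    import ipaddress
    from itertools import combinations

    # Constructed sample: the two hosts named in the thread, on the /24 the poster described.
    SAME_VLAN_HOSTS = ["10.11.11.15", "10.11.11.16"]
    ASSUMED_GATEWAY = "10.11.11.1"  # assumption: UTM's address on that VLAN, not given in the thread


    def next_hop(src_ip: str, prefix_len: int, dst_ip: str, gateway: str) -> str:
        """Decide where src sends a packet destined for dst.

        Returns 'direct' when dst lies inside src's own subnet: the host ARPs for
        dst and the switch forwards the frame, so the UTM never sees it and no
        firewall rule can match. Otherwise the packet is sent to the gateway (the UTM).
        """
        iface = ipaddress.ip_interface(f"{src_ip}/{prefix_len}")
        if ipaddress.ip_address(dst_ip) in iface.network:
            return "direct"
        return gateway


    def pairs_bypassing_firewall(hosts, prefix_len: int, gateway: str):
        """Return every host pair whose traffic never transits the UTM."""
        return [
            (a, b)
            for a, b in combinations(hosts, 2)
            if next_hop(a, prefix_len, b, gateway) == "direct"
        ]


    def plan_per_host_30s(parent_cidr: str, host_names):
        """Assumed readdressing plan (not from the thread): carve one /30 per host
        out of the parent network. The UTM gets the first usable address of each
        /30 and the host the second. Hosts must be renumbered; 10.11.11.15 cannot
        keep its address because .15 is the broadcast address of 10.11.11.12/30.
        """
        parent = ipaddress.ip_network(parent_cidr)
        plan = {}
        for name, subnet in zip(host_names, parent.subnets(new_prefix=30)):
            utm_addr, host_addr = list(subnet.hosts())
            plan[name] = {
                "network": str(subnet),
                "utm_gateway": str(utm_addr),
                "host": str(host_addr),
            }
        return plan


    def pairs_bypassing_after_plan(plan):
        """Re-run the on-link check on the /30 plan; with /30s every other host is
        off-link, so this should come back empty."""
        bypass = []
        for (name_a, a), (name_b, b) in combinations(plan.items(), 2):
            if next_hop(a["host"], 30, b["host"], a["utm_gateway"]) == "direct":
                bypass.append((name_a, name_b))
        return bypass


    if __name__ == "__main__":
        print("on a /24, pairs the UTM never sees:",
              pairs_bypassing_firewall(SAME_VLAN_HOSTS, 24, ASSUMED_GATEWAY))
        plan = plan_per_host_30s("10.11.11.0/24", ["a", "b"])
        for name, entry in plan.items():
            print(f"{name}: host {entry['host']} gw {entry['utm_gateway']} ({entry['network']})")
        print("after the /30 plan, pairs the UTM never sees:",
              pairs_bypassing_after_plan(plan))
    ```

    The check is the same one every host's IP stack performs before sending: destination in my own prefix means ARP and deliver on the L2 segment, anything else means hand it to the default gateway. Private VLANs or port isolation on the switch are the other way to force the hop, but they are a switch feature rather than something the UTM rules can express.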

  • I see now. Yes, he would need to put the devices on different VLANs. Thanks for catching my oversight!

    Cheers - Bob