Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 1572 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Vlan Firewall Issue

Avanlina
Hi,

I was wondering if it is possible to deny traffic from an Ethernet vlan interface to another ethernet vlan interface?

Details:

1 Physical Interface -> 2 Vlan interfaces with VLAN 110 & VLAN 120
1 Physical Interface -> 1 ethernet WAN port

VLAN 110: Production Network
VLAN 120: Guest Network

L3 Switch: 2 vlan's allowed, 110,120 and setted up as an DOT1Q trunk port.
no native vlan has specified.

Currently there are no FW rules setup between these 2 subnets / vlans.
However these 2 subnets are capable to communicate to each other what i like to prevent.

I tried already making deny rules between guest and production VLAN, seems they are ignored somehow.


This thread was automatically locked due to age.
Parents
  • 0
    I found the issue by using the tcpdump. 

    It seems that the option gateway forwards ping, was allowing ping trough mulltiple interfaces.

    By disabling this option, icmp stopped between the Guest and Production network.
Reply
  • 0
    I found the issue by using the tcpdump. 

    It seems that the option gateway forwards ping, was allowing ping trough mulltiple interfaces.

    By disabling this option, icmp stopped between the Guest and Production network.
Children
No Data