
VLAN Firewall Issue

Hi,

I was wondering if it is possible to deny traffic from one Ethernet VLAN interface to another Ethernet VLAN interface?

Details:

1 Physical Interface -> 2 VLAN interfaces with VLAN 110 & VLAN 120
1 Physical Interface -> 1 ethernet WAN port

VLAN 110: Production Network
VLAN 120: Guest Network

L3 Switch: 2 VLANs allowed, 110 and 120, and set up as a DOT1Q trunk port.
No native VLAN has been specified.

Currently there are no FW rules set up between these 2 subnets / VLANs.
However, these 2 subnets are able to communicate with each other, which I would like to prevent.

I have already tried making deny rules between the guest and production VLANs; it seems they are ignored somehow.


  • If you use the web proxy, you should also configure it correctly; otherwise the two VLANs might be able to access web servers in the other VLAN.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and feeling good about helping others with their IT security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
