How can I deny inter-VLAN routing

I have the following Network topology

WAN -> eth1 
Internal -> eth0 (default VLAN untagged) 10.10.10.0/24
Internal2 -> eth2 (VLAN 10 untagged) 10.10.20.0/24

On the switch, I simply have dedicated untagged ports for VLANs for the respective networks. My issue is I'm trying to isolate the internal networks from each other. I want to deny routing from Internal to Internal2 and vice-versa.

I've tried adding a No NAT rule from one network to the other but that didn't work. I also tried adding a firewall rule to drop packets from one network to the other and again I can still access it. I'm sure I'm missing something obvious that someone can point out.

  • There must be a firewall rule allowing traffic between internal and internal2.

    Possibly this FW-rule is created automatically.

    Select "show all" to check this.

  • There is no automatic firewall rule that would indicate that. The only thing that is there is some DNAT port forwarding rules to specific IPs

    There is a firewall rule added by the installation wizard:
    Internal -> Any Service -> Any Network

    I thought that rule was what was doing the routing, so I added an explicit drop (and I tried reject) action rule before the above rule:
    Internal -> Any Service -> Internal2
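To check the rule ordering discussed in this thread, here is an added Python model (not Sophos code and not from the thread) of top-down, first-match rule evaluation over the poster's two networks. It also reports rules that are shadowed by an earlier, broader rule. The sample host addresses and the "assumed automatic allow" rule are constructed for illustration; they are not taken from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Networks from the thread's topology; WAN hosts are anything else.
INTERNAL = ipaddress.ip_network("10.10.10.0/24")
INTERNAL2 = ipaddress.ip_network("10.10.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass
class Rule:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str  # "allow" or "drop"

def first_match(rules, src_ip, dst_ip):
    """First rule whose source and destination contain the packet, else None."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return next((r for r in rules if s in r.src and d in r.dst), None)

def verdict(rules, src_ip, dst_ip):
    """Top-down, first-match evaluation; no match is an implicit drop."""
    r = first_match(rules, src_ip, dst_ip)
    return r.action if r else "drop"

def shadowed(rules):
    """Rules that can never match because an earlier rule already covers their
    whole source and destination (a drop placed below 'Internal -> Any')."""
    return [r.name for i, r in enumerate(rules)
            if any(e.src.supernet_of(r.src) and e.dst.supernet_of(r.dst)
                   for e in rules[:i])]

def audit(rules):
    """Verdicts for the two inter-VLAN paths the poster wants blocked and for
    the Internet path that must stay open (constructed sample hosts)."""
    paths = {"Internal->Internal2": ("10.10.10.5", "10.10.20.5"),
             "Internal2->Internal": ("10.10.20.5", "10.10.10.5"),
             "Internal->WAN": ("10.10.10.5", "203.0.113.9")}
    return {k: verdict(rules, a, b) for k, (a, b) in paths.items()}

# Rule order as posted: the explicit drop sits above the wizard's allow.
POSTED = [Rule("drop Internal->Internal2", INTERNAL, INTERNAL2, "drop"),
          Rule("wizard: Internal->Any", INTERNAL, ANY, "allow")]
# Same rules with the drop below the allow: the drop can never fire.
WRONG_ORDER = POSTED[::-1]
# Hypothetical: an automatic allow evaluated ahead of the user's rules, the
# case the reply suggests looking for with "show all".
HIDDEN_ALLOW = [Rule("assumed automatic allow", ANY, ANY, "allow")] + POSTED
```

In this model the posted order already drops Internal -> Internal2, so reachability in practice points to a rule the model does not see; the reverse direction is dropped only because no allow covers Internal2 as a source, so a separate drop is needed if such an allow exists.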
