Allow new connection one way, block new connections the other way. (between vlans)
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Goodafternoon.
Last week I dove in to Omada, as a good replacement for my pfSense setup that was running on my server.
The short reason behind is, when I needed to update the server, I wont have any internet access. Together with the comming of 1gbit fiber, I found it a good idea to set this up.
Sofar my experience has been great, I see that some stuff is still mising, or nog fully finished. One of these I want to point out.
As noted above, I have the router 7206. Where Wan & Wan/Lan 1 are my Wan ports, and Wan/lan 2, Wan/lan 3 & LAN are my lan ports.
I currently have connected my server directly to my router on Wan/lan 2 and my switch (SG2008P) on LAN.
To block traffic between vlan's I have setup Switch ACL. But what I want to do: Block connection made from Linux VLAN to Windows VLAN, but allow connection made from Windows VLAN to Linux VLAN. To manage the Linux servers. The same goes for connections made from Linux/Windows to Lan should be blocked, but connection made from LAN to Linux/Windows should be allowed.
Any tips on how to set this up in the omada software?
I also noticed that Switch ACL doesn't apply between LAN ports on the router, would be nice if that worked to.
Hey
By blocking the traffic between the VLANs you are going to stop all communication. The Windows VLAN can send to the Linux VLAN, but it in turn cant reply and even PING will fail
The only way I can see this being possible is to add an exception for traffic out (an allow rule) from the Linux VLAN with the ports, protocols or IPs you feel require that traffic.. specifically define it and apply that higher than the block VLAN.
Under settings, profiles, groups you could do this then apply to the ACL as allow. If it's complete traffic from the Linux Servers do it via IP address, if its just RDP or similar then open the necessary ports back.
I had to do the same for my CCTV that is on its own VLAN and isolated. To allow my PC to view the cameras I opened the TCP UDP traffic and ports for that specific purpose.. screenie below
That help any?
Hey
By blocking the traffic between the VLANs you are going to stop all communication. The Windows VLAN can send to the Linux VLAN, but it in turn cant reply and even PING will fail
The only way I can see this being possible is to add an exception for traffic out (an allow rule) from the Linux VLAN with the ports, protocols or IPs you feel require that traffic.. specifically define it and apply that higher than the block VLAN.
Under settings, profiles, groups you could do this then apply to the ACL as allow. If it's complete traffic from the Linux Servers do it via IP address, if its just RDP or similar then open the necessary ports back.
I had to do the same for my CCTV that is on its own VLAN and isolated. To allow my PC to view the cameras I opened the TCP UDP traffic and ports for that specific purpose.. screenie below
That help any?
