ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2022-04-05 06:51:51 - last edited 2022-04-06 01:10:43
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.1.1

In the firewall policy, if I have the direction set to anything but LAN->LAN I can set the source and destination as IP addresses or IP address groups, but as soon as I set it to LAN->LAN, my source and destination are restricted to VLANS only. How can I allow or deny local IP groups or VLANS connectivity to other local IP groups and VLANS?

 

Re:ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
2022-04-06 05:05:26 - last edited 2022-04-07 12:37:38

  @ncor 

Hi, what is your firmware version? If it is not up-to-date, please update your firmware first.

For the groups, you first need to define the "IP address" in the "IP Group". That is where you configure the "IP Groups" that you will need to use later.

After you define your "IP address", you need to create the "Group" and choose your IP address.

Then you can go to the ACL and create the allow/deny rules you want.

If you choose "Direction" "LAN>LAN", that is VLAN interface to another VLAN interface. There are no IP groups involved in this and it is meant to be one VLAN interface to another. If you want to do very detailed allow/deny, you need to define the "IP Group" and then create rules that meet your requirement.

 

Simplified, that is: define IP address > create IP group that contains IPs > Access Control > Select "All" or "LAN>WAN" **"LAN>LAN"**, either one of the Directions > You select the Src and Dst.

 

Best Regards!
Re:ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
2022-04-06 18:35:15

  @Hank21 

Firmware is 1.1.1

 

>Select "All" or "LAN>WAN"

 

There is no "All" but I assumed "LAN>WAN" would be traffic from inside the network going to outside the network (Internet). LAN>WAN would cover internal to internal traffic?

Re:ER605: Can only apply LAN->LAN firewall rules for VLANS, not IPs or IP Groups?
2022-04-07 07:08:20 - last edited 2022-04-07 12:38:26

  @ncor 

The literal meaning. LAN to WAN is the traffic from LAN to the Internet (WAN).

I think I mistyped the "LAN > WAN". My initial intent is "LAN > LAN".

Best Regards!