Traffic block just in one direction

2023-01-31 16:51:19 - last edited 2023-02-02 16:27:20
Tags: #firewall
Model: OC200  
Hardware Version: V1
Firmware Version: 5.7.6

Hi,

I currently have a switch ACL blocking traffic from the normal network (51) to my IoT network (54).

 

 

Now I want to explicitly access a system on the 51 via SSH from one of the IoT machines in the 54 network (i.e. the opposite of the rule). Unfortunately this access is blocked. Even if I create another rule and set it to position 1, the access does not work.

Only if I switch off the rule "Normal to IoT block" it works. How can I achieve that the basic access from the normal network to the IoT network remains blocked, but this one communication path is open?

#1
1 Accepted Solution
Re:Traffic block just in one direction-Solution
2023-02-01 07:32:49 - last edited 2023-02-02 16:27:20

Dear @Frickeldave 

Frickeldave wrote

Hi,

I currently have a switch ACL blocking traffic from the normal network (51) to my IoT network (54).

 

 

 

Now I want to explicitly access a system on the 51 via SSH from one of the IoT machines in the 54 network (i.e. the opposite of the rule). Unfortunately this access is blocked. Even if I create another rule and set it to position 1, the access does not work.

Only if I switch off the rule "Normal to IoT block" it works. How can I achieve that the basic access from the normal network to the IoT network remains blocked, but this one communication path is open?

Make sure you have bi-directional Permit rules on positions 1 and 2. So allow the system to the IoT IP, and also allow the IoT IP to the system.

Best Regards!
#2
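
Why the second permit is needed, as an added example that is not part of the original thread: a sketch of stateless, first-match ACL evaluation, assuming the switch ACL checks every packet on its own, as the accepted answer implies. The subnets, host addresses and all rule names other than "Normal to IoT block" are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing: the thread only names the networks "51" and "54".
NORMAL_NET = ip_network("192.168.51.0/24")
IOT_NET = ip_network("192.168.54.0/24")
SSH_SERVER = ip_address("192.168.51.10")    # system on the normal network
IOT_CLIENT = ip_address("192.168.54.20")    # IoT machine that opens the SSH session
OTHER_NORMAL = ip_address("192.168.51.99")  # any other host on the normal network


def host(addr):
    """Single-host network, so every rule can match on networks."""
    return ip_network(f"{addr}/32")


def evaluate(rules, src, dst):
    """Stateless first-match: each packet is judged alone, top down."""
    for name, action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action, name
    return "permit", "implicit"  # assumption: unmatched traffic is forwarded


def session_works(rules, client, server):
    """A TCP session needs its packets permitted in both directions."""
    forward = evaluate(rules, client, server)[0]
    reply = evaluate(rules, server, client)[0]
    return forward == "permit" and reply == "permit"


BLOCK = ("Normal to IoT block", "deny", NORMAL_NET, IOT_NET)
IOT_TO_SYSTEM = ("IoT to system", "permit", host(IOT_CLIENT), host(SSH_SERVER))
SYSTEM_TO_IOT = ("System to IoT", "permit", host(SSH_SERVER), host(IOT_CLIENT))

one_way = [IOT_TO_SYSTEM, BLOCK]                 # one permit at position 1
two_way = [IOT_TO_SYSTEM, SYSTEM_TO_IOT, BLOCK]  # permits at positions 1 and 2

if __name__ == "__main__":
    for label, rules in (("one-way permit", one_way), ("two-way permit", two_way)):
        print(label)
        print("  SSH IoT -> system works:", session_works(rules, IOT_CLIENT, SSH_SERVER))
        print("  reply packet verdict:    ", evaluate(rules, SSH_SERVER, IOT_CLIENT))
        print("  other normal host -> IoT:", evaluate(rules, OTHER_NORMAL, IOT_CLIENT))
```

With only the one-way permit, the SSH server's reply packets travel from 51 to 54 and match the block rule. Because the rules are stateless, the second permit also lets that one system open connections to the IoT IP, so keep both permits scoped to the two host addresses.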
Re:Traffic block just in one direction
2023-02-02 16:27:15
Thanks, that's it.
#3