
Apply different rules to different interfaces

Hi guys,

Not sure if that's possible, but I hope you can help me.

We have an SG210 with the current firmware installed.

Eth1 (LAN Interface) 192.168.0.1

When this port is connected to the LAN switch, the users should be allowed to use HTTP/HTTPS.

When Eth1 is disconnected and Eth2 (192.168.0.2) is connected to the LAN switch instead, then HTTP/HTTPS should be blocked.

Eth1 and Eth2 will never be connected to the LAN (switch) at the same time. It’s either Eth1 OR Eth2.

Is that even possible?

Thanks and greetings

  • Hi guys,

    Sorry, my explanation was a bit messy and confusing, so I want to explain it again.

    Our setup is quite simple. We have one network with IP address 192.168.0.1/24. Our SG has one internet connection connected to port eth0.

    Port eth1 is connected to the LAN, and at the moment only Windows Updates are allowed. No web surfing or anything else. The reason why it is so restricted is that this is a laboratory network with only a few PCs, and it should be secured as much as possible.

    However, once in a while the users need web traffic like HTTP/HTTPS in order to access websites.

    The question now is:

    Would it be possible to configure port eth2 with fewer restrictions and allow, e.g., web traffic? Then, if the users need to surf, they can simply disconnect eth1 and connect to eth2. Once they are finished, they can plug it back.

    Thanks in advance!

    Aktuator

  • Yes, this is possible, but simply use different IP networks on the two interfaces (e.g. eth1: 192.168.0.1/24, eth2: 192.168.1.1/24) and then use different policies for those networks.

    bye Josef

    BERGMANN engineering & consulting GmbH, Wien/Austria

  • But the clients are all in the network 192.168.0.1/24, and then they won't be able to reach the gateway anymore.

    Or am I missing something?

  • Hello Aktuator,

    The answer to your original question is "No" - not possible.

    If these users will only be connecting one at a time to use HTTP/S, then why not have them connect their individual machine to eth2, do an ipconfig renew and get a new IP in a different subnet? When done, the user reconnects to the switch and renews their lease.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA