The setup is a layer 2 switch with 2 vlans, Management (172.20.20.0/24) and Data (192.168.100.0/24). The vlans are separate port groups. The switch has a physical connection for each vlan connected to 2 interfaces on the UTM. The UTM is the default gateway for each vlan and is handling all routing, DHCP & DNS. It appears by default the UTM is routing between the two interfaces. I am able to access the Management network while connected to the Data network. I want to keep the Management network separate and only accessible by physically plugging into one of the dedicated switch ports. I have tried firewall rules but that did not work. The only way I was able to prevent accessing the Management network from the Data network was to setup a DNAT blackhole rule. However, I am still able to access the UTM WebAdmin Management interface from the Data network. Does the UTM automatically route between it's interfaces? Is a NAT rule the only way to prevent it? Is there anyway to prevent accessing the WebAdmin Management interface from the Data network?
This thread was automatically locked due to age.