I can ping from the LAN to all VLANs as well as from all VLANs in the LAN. Even the VLANs can ping itself too. I would like to have all separately - so yes also VLANa, VLANb, VLANc and LAN.
Under static routes I've made nothing/ no entries.
I want separate the VLANs and the LAN.
I have to take defferent subnets?
WebAdmin automatically creates routes for the networks and addresses defined on local interfaces. You determine what traffic passes with Packet Filter (Firewall) rules. At present, you likely have rules like 'VLANx (Network) -> Any -> Any : Allow'. Just change them to 'VLANx (Network) -> Any -> Internet : Allow'.
Ping behavior is different. The settings on the 'ICMP' tab determine whether pings are allowed.
Cheers - Bob
Sophos UTM Community Moderator Sophos Certified Architect - UTM Sophos Certified Engineer - XG Gold Solution Partner since 2005