This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Segregation (VLAN)

Hello!

So we recently setup two VLANS 10 & 20 on our Sophos UTM. The main purpose was for the APs so we can use both networks wherever we are in the building.

However; even with a rule in the firewall of Net1 & Net2 - - ANY - - Net1 & Net2 we're still able to access resources on both sides of the networks.

Not really sure what else we need to add to prevent this? And I did check this rule is at the top, so it should take precedence.

This thread was automatically locked due to age.

Parents

0 Euphrates_01 over 9 years ago

Hello!

So we recently setup two VLANS 10 & 20 on our Sophos UTM. The main purpose was for the APs so we can use both networks wherever we are in the building.

However; even with a rule in the firewall of Net1 & Net2 - - ANY - - Net1 & Net2 we're still able to access resources on both sides of the networks.

Not really sure what else we need to add to prevent this? And I did check this rule is at the top, so it should take precedence.

What are you trying to accomplish? Are you trying to allow access of deny access? If so, can you break it down, i.e. Net1 -> Alllow -> Net2 or Net1 -> Deny -> Net2? Can you provide your current firewall rules screenshots?
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 9 years ago in reply to Euphrates_01

we're still able to access resources on both sides of the networks
You need to be more specific about what resources. For example, if you are using the Web Proxy, this would superceed any manually configured firewall rules. If this is the case, you would either need to create the blocks in the proxy or skip your own VLANs from the proxy, so that the manually created firewall rules take effect.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 9 years ago in reply to Euphrates_01

we're still able to access resources on both sides of the networks
You need to be more specific about what resources. For example, if you are using the Web Proxy, this would superceed any manually configured firewall rules. If this is the case, you would either need to create the blocks in the proxy or skip your own VLANs from the proxy, so that the manually created firewall rules take effect.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data