This is likely a very simple problem, but being a beginner networking \ firewall guy, I'm having some trouble.
Background:
Two Sophos UTM 135 Firewalls configured in HA active \ Passive Mode.
VLANs involved:
Default VLAN which is VLAN 1 for us. - Network involved 192.168.0.0/24
Guest Wifi VLAN which is VLAN 20 - Network involved 10.0.20.0/24
I have a few VLANs set up, but the one in question I'm working with is VLAN 20, which is a guest wifi VLAN. All of my networking and VLAN config on the switches appears to be working correctly.
In fact I can get everything to work if I create an outbound rule allowing Guest Wifi (Network) ---> Service "ANY" --> "Any"
The fact that this is a guest Wifi network makes me prefer to only allow traffic out the external interface. Or advice on the best way to go about this?
The Rule I have in place currently is the following: Guest Wifi (Network) ---> Service "ANY" --> "External (WAN) (Network)"
As soon as I change "Any" to "External (WAN) (Network)" for the destination of that rule all traffic starts getting blocked from wifi devices on the Guest Wifi network.
Other items to note:
The UTM is running DHCP for this VLAN and that is working correctly.
I have created a masquerading NAT rule with the following details: Guest Wifi (Network) --> Uplink Interfaces.
I have gone into the DNS tab under "Network Services" and allowed the Guest Wifi (Network).
Really what I want to do is provide a barrier between the guest wifi VLAN 20 and my internal LAN on VLAN 1.
Thoughts on where I am going wrong?
Thanks Guys,
Dan