I will try as simple as possible to explain how I want to set up the router, what is cureently being done and what are the problems.
It is currently only one range, soon will be needed and another range of address but to be completely equal to the current one.
On our router the rule is: when someone wants to approach on our local network must have LAN. Internet access is blocked for everyone.
In Firewall in Objects> Network Objects/Groups, we have group by name "Group_which_is_ have_net"
When the device is connected to a LAN network, we get the IP I'm entering into this group, we give the name for device and after that he gets a pass on the internet.
The problems are when these devices (which I do not link to MAC anywhere, but I just passed through IP) are off the network and DHCP Lease lenght expires we've put in 5 days.
These devices, when they come back to the network after that time, get a new IP and router that which I passed on Internet and give by name for example: should not have access to the Internet. It's chaos.
Before we had an router, the set up was similary (Cisco RV320 Dual Gigabit WAN VPN Router), but when I put someone on the the list on Internet, I had to link IP for MAC (DHCP was refreshing every two hours),
some devices was out of network for few months and when they come back, they always got the same IP address. This router was replaced because it had limitations, after a certain number of omissions,
it fired the fatal error where i need to delete someone else to let go and it went down constantly so it had to physically restart so we got a recommendation for buying this now model.
This is first step and very important an emergency because 12.5. DHCP Lease Lenght will expire for almost 50 computers.
In addition to this rule, which is very important for me, I would like to create a group that has access to the Internet but with some blockages to some sites.
I also need a group that has a blocked net, but have access to e-mail (mail server is leased to one hosting server and we access mail clients via IMAP some POP3 settings, outgoing and incoming ports they are known to us:: e-mail.namecompany.biz)
Thanks in advance everyone, who wanna help. I really appreiciate that.
Solved! Go to Solution.