06-07-2012 01:24 PM
I would like to create a rule that allows computers on the 192.168.5.x subnet to only have internet access (ports 80 and 443). This is a guest subnet, so I do not want them having access to our LAN (which is on 10.x.x.x). Could someone check the attached screenshot and see if I am on the right track?
Thanks!
Tim
06-07-2012 02:33 PM
You're on the right track. If you do have a web server that you want to protect, you would need to add another two Deny rules (http/https) to block the path from 192.168.5.x to 10.x.x.x.
06-07-2012 02:45 PM
Thank you, tekliu. On second glance, priority 4 appears to be a subset of priority 3, and what you suggest would also fall as a subset. Would priority 3 cover all those bases, and if so, could I just delete priority 4?
I just thought of DNS...would I need to open up port 53 in addition to ports 80 and 443?
I do not have all the hardware in place yet, I am in the planning stages. Once hardware comes in, I can start to test.
Thanks again. I appreciate any more feedback I can get.
06-07-2012 02:50 PM
You are right - the priority 4 rule is redundant given the priority 3 rule you have.
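The redundancy question discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts: it assumes first-match evaluation in ascending priority order, matches on ports only (protocol ignored), and uses a constructed rule set, not the one in the screenshot. The names `Rule`, `covers`, `decide` and `fully_covered` are hypothetical.

```python
from ipaddress import ip_address, ip_network
from typing import FrozenSet, NamedTuple, Optional

class Rule(NamedTuple):
    priority: int
    action: str                      # "allow" or "deny"
    src: str                         # source CIDR
    dst: str                         # destination CIDR
    ports: Optional[FrozenSet[int]]  # None means any service

GUEST, LAN, ANY = "192.168.5.0/24", "10.0.0.0/8", "0.0.0.0/0"

# Constructed rule set for illustration (assumption: lowest priority number wins).
# Rule 2 is deliberately a subset of rule 1.
RULES = [
    Rule(1, "deny", GUEST, LAN, None),
    Rule(2, "deny", GUEST, LAN, frozenset({80, 443})),
    Rule(3, "allow", GUEST, ANY, frozenset({53, 80, 443})),
    Rule(4, "deny", GUEST, ANY, None),
]

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule b is also matched by rule a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and (a.ports is None or (b.ports is not None and b.ports <= a.ports)))

def decide(rules, src: str, dst: str, port: int):
    """First-match evaluation; returns (action, matching priority)."""
    for r in sorted(rules, key=lambda r: r.priority):
        if (ip_address(src) in ip_network(r.src)
                and ip_address(dst) in ip_network(r.dst)
                and (r.ports is None or port in r.ports)):
            return r.action, r.priority
    return "deny", None  # implicit default deny

def fully_covered(rules):
    """(priority, covering priority) for each rule that can never be reached."""
    ordered = sorted(rules, key=lambda r: r.priority)
    out = []
    for i, b in enumerate(ordered):
        hit = next((a for a in ordered[:i] if covers(a, b)), None)
        if hit is not None:
            out.append((b.priority, hit.priority))
    return out

if __name__ == "__main__":
    print(fully_covered(RULES))                             # unreachable rules
    print(decide(RULES, "192.168.5.20", "10.1.2.3", 443))   # guest -> LAN web server
```

A covered rule with the same action as the rule above it is simply redundant; one with a different action is shadowed and never takes effect, which is the case worth reviewing before deleting anything.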