Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1152
Views
0
Helpful
3
Replies

RV220W - Firewall driving me mad

dannyleeuk
Level 1
Level 1

‎09-13-2012 12:10 PM

Hi All,

One of the key features of this router was the firewall yet for whatever reason it just isn't playing ball. Here's my setup.

My broadband is connected by a TP-Link ADSL router. This has been configured for the DMZ host to be the RV220W.

The RV220W has been configured for WAN etc and internet is flowing through the network just fine. Here's my issue

I have two VLANS (3 inc default).

VLAN 666 = For server/vsphere network. (Configured on a 10.20.30.x range)

VLAN 333 = Spare (Configured on a 192.168.3.x range)

VLAN Default = Everyone else (Configured on a 192.168.2.x range)

I don't want any servers/clients on VLAN 666 to access the internet at all, therefore, the simplest rule would be:

Always Block AnyEnabled Outbound (LAN (Local Network) > WAN (Internet)) 10.20.30.2 - 10.20.30.254 Any

This doesn't seem to work, even after a reboot. I've also tried individual source IP's and still, it won't work which I thought could be a work around.

Is there any explanation for why this isn't working and why the rule just isn't applying. Also, is there a simpler way of blocking VLAN 666 from accessing the WAN interface?!

Any help would be greatly appreciated!

Labels:
0 Helpful
3 Replies 3

dannyleeuk
Level 1
Level 1

‎09-14-2012 09:54 AM

Anyone? :-(

0 Helpful

panos.asproulis
Level 1
Level 1

‎09-14-2012 05:22 PM

How is your RV220W connected to the ADSL device? Is the ADSL device running in bridge mode and the RV220W does a PPPoE connection to it? Or is the ADSL device running as a router itself?

0 Helpful

juan_diego_rodriguez
Level 1
Level 1

‎09-17-2012 01:55 PM

In that case, If you would like to restrict the Internet access to all the devices attached to the Vlan666. I would recommend you to set an extended access list instead.

access-list # deny TCP 10.20.30.X (wilcard) any eq 80

access-list # permit ip any any

If this answer was satisfactory for you, please mark the question as Answered.

Thank you

In that case, If you would like to restrict the Internet access to all the devices attached to the Vlan666. I would recommend you to set an extended access list instead.
access-list # deny TCP 10.20.30.X (wilcard) any eq 80
access-list # permit ip any any

If this answer was satisfactory for you, please mark the question as Answered.
Thank you

0 Helpful
Customers Also Viewed These Support Documents