05-19-2020 12:22 AM - edited 05-19-2020 12:23 AM
I have a couple of untrusted devices with static IPs on our LAN. I want to allow them access to the WAN but not to other devices on the LAN (except for DNS on the router/gateway).
I've tried many rules and none seem to have any effect, much like this post. I reduced it to a single rule to test whether anything works, but these devices can still make outgoing connections. Other posts about such rules mostly deal with incoming traffic and port-forwarding from the WAN, which is not relevant to this issue.
What is the correct way to block traffic from one LAN device to another?
05-22-2020 06:51 AM
Hello @l_s,
Hope you are doing well!
My name is Anton and I am part of the Cisco SBS Support Team.
I assume that 192.168.1.7-192.168.1.8 are the untrusted IPs that you want to isolate from the rest of the LAN.
In this respect your rule seems correct to me.
I would make it more specific by selecting LAN as the Source Interface.
Can you say whether you have added the static IP addresses in the DHCP table (DHCP->IP&MAC Binding)?
Kind Regards!
05-22-2020 05:08 PM
Hi @agekov,
Thanks for replying. Yes, those are the untrusted IPs, and both have reserved addresses based on their MAC.
I've tried the same rule using both LAN and ANY as the source interface.
Thanks.
05-24-2020 05:39 PM
@agekov I have also added such a rule via the SSH interface, as well as trying a netmask version 192.168.1.8/255.255.255.255 (which it would not accept), but none made any difference.
06-18-2020 07:04 PM
So I'm to understand that the Firewall on this device is effectively useless, even after updating to the Jun-17 firmware?
With these rules, I expect to be able to connect into the restricted devices (web interface/SSH) but not have them connect out except for DNS and to the WAN. However, they can directly access any network resource.