09-01-2023 06:42 AM
Hi, so I have a layer 3 switch with two VLANs on it, which are then connected to a firewall through a trunk port. I have a DHCP server set up on the firewall which works as it should; however, I don't want the two VLANs to be able to ping each other, only their own gateway. How would I do this? Any help would be appreciated.
09-01-2023 06:57 AM
@wfirth2012 I assume your gateway is at the firewall for those VLANs. You can use an ACL to block ICMP traffic between VLANs.
09-01-2023 07:00 AM
The ACL on the firewall is very basic from what I can see and will only let me block all pings. I will attach a photo for better reference.
09-01-2023 06:20 PM
@wfirth2012 Seems like you are using Sophos. In Sophos you need to configure firewall policies to do that.
https://www.youtube.com/watch?v=uqz-UOVIaA0&ab_channel=NoorNetworks
09-01-2023 07:28 AM - edited 09-01-2023 07:36 AM
This could be done with so-called VLAN maps directly on the L3 switch. VLAN maps also control filtering within a VLAN (as far as I know the only way to do so). VLAN maps have no direction; instead, to and from (source or destination) is controlled by the extended ACL inside the VLAN map. Then you will also need a match clause (a map) for IP, network, even MAC. The action command specifies what to do with a match; the default is to forward, but you could deny or redirect (on some high-end switches).
example:
ip access-list extended NAME
 permit icmp any any <<< match what/who/to/from
vlan access-map MAP1 10
 match ip address NAME
 action drop <<< what to do with it
vlan access-map MAP1 100 <<< default action (forward) applies here
vlan filter MAP1 vlan-list 1,10,100 <<< apply to which VLAN or VLANs (here 1, 10 and 100 only)
VLAN maps are very tricky and confusing at first; it may take some practice to get used to them.
Regards, ML
**Please Rate All Helpful Responses **
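A complete worked configuration for the VLAN map approach described in the reply above, as an added example that is not part of the original post. It assumes the VLANs are 10 and 20 with the subnets 192.168.10.0/24 and 192.168.20.0/24, that the gateways 192.168.10.1 and 192.168.20.1 live on the firewall behind the trunk, and that the switch is a Catalyst running IOS/IOS-XE with VLAN map support; the ACL and map names are made up for the example.

```cisco
! Added example, not from the post above. Assumed addressing:
!   VLAN 10 = 192.168.10.0/24, gateway 192.168.10.1 on the firewall
!   VLAN 20 = 192.168.20.0/24, gateway 192.168.20.1 on the firewall
!
! Inside a VLAN map an ACL "permit" means "this packet matches the clause";
! whether it is dropped or forwarded is decided by the map's "action", not
! by the ACL. Only ICMP between the two host subnets is listed, so pings to
! the gateways, DHCP and everything else do not match and fall through.
ip access-list extended ICMP-BETWEEN-VLANS
 remark echo requests/replies from VLAN 10 hosts to VLAN 20 hosts
 permit icmp 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 remark echo requests/replies from VLAN 20 hosts to VLAN 10 hosts
 permit icmp 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
!
! Sequence 10 drops the matched inter-VLAN ICMP.
! Sequence 20 has no match clause and explicitly forwards the rest.
vlan access-map BLOCK-INTERVLAN-ICMP 10
 match ip address ICMP-BETWEEN-VLANS
 action drop
vlan access-map BLOCK-INTERVLAN-ICMP 20
 action forward
!
! Apply the map to both VLANs: the packet is dropped in the source VLAN
! before it ever reaches the firewall over the trunk, and the map in the
! other VLAN catches the same packet again if it is routed back in.
vlan filter BLOCK-INTERVLAN-ICMP vlan-list 10,20
end
!
! Verification (exec mode)
show vlan access-map BLOCK-INTERVLAN-ICMP
show vlan filter
```

Two things worth knowing before relying on this: because the drop happens on the switch, the firewall never sees the blocked pings, so they will not appear in its logs or hit its policies; and if the goal is to stop all traffic between the two VLANs rather than just ping, replace `icmp` with `ip` in the two permit lines. Traffic sourced from the gateway addresses themselves is not in the ACL, so the firewall can still reach hosts in either VLAN.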