https://community.extremenetworks.com/t5/extremewireless-wing/block-traffic-via-ssid-firewall/m-p/99446#M9394 <P>Hello, I have 2 Wireless Lan.<BR />Corporate and visitors.<BR />I need to block access to my server network when access is made on the guest LAN. Ex: lan 192.168.4.0/24<BR />I created the rules and applied them as follows, but it blocks all access</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ErickLeon_1-1709068215191.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7010i910776403193FB5E/image-size/medium?v=v2&amp;px=400" role="button" title="ErickLeon_1-1709068215191.png" alt="ErickLeon_1-1709068215191.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ErickLeon_0-1709068181166.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7009i198161DAD3387956/image-size/medium?v=v2&amp;px=400" role="button" title="ErickLeon_0-1709068181166.png" alt="ErickLeon_0-1709068181166.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ErickLeon_2-1709068294512.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7011i2732DE2E5A1F0DB7/image-size/medium?v=v2&amp;px=400" role="button" title="ErickLeon_2-1709068294512.png" alt="ErickLeon_2-1709068294512.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 27 Feb 2024 21:12:18 GMT ErickLeon 2024-02-27T21:12:18Z https://community.extremenetworks.com/t5/extremewireless-wing/block-traffic-via-ssid-firewall/m-p/99446#M9394 <P>Hello, I have 2 Wireless Lan.<BR />Corporate and visitors.<BR />I need to block access to my server network when access is made on the guest LAN. Ex: lan 192.168.4.0/24<BR />I created the rules and applied them as follows, but it blocks all access</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ErickLeon_1-1709068215191.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7010i910776403193FB5E/image-size/medium?v=v2&amp;px=400" role="button" title="ErickLeon_1-1709068215191.png" alt="ErickLeon_1-1709068215191.png" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ErickLeon_0-1709068181166.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7009i198161DAD3387956/image-size/medium?v=v2&amp;px=400" role="button" title="ErickLeon_0-1709068181166.png" alt="ErickLeon_0-1709068181166.png" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="ErickLeon_2-1709068294512.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7011i2732DE2E5A1F0DB7/image-size/medium?v=v2&amp;px=400" role="button" title="ErickLeon_2-1709068294512.png" alt="ErickLeon_2-1709068294512.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Tue, 27 Feb 2024 21:12:18 GMT https://community.extremenetworks.com/t5/extremewireless-wing/block-traffic-via-ssid-firewall/m-p/99446#M9394 ErickLeon 2024-02-27T21:12:18Z https://community.extremenetworks.com/t5/extremewireless-wing/block-traffic-via-ssid-firewall/m-p/99457#M9395 <P>Hello Erick,</P><P>Hello&nbsp;<a href="https://community.extremenetworks.com/t5/user/viewprofilepage/user-id/46561">@ErickLeon</a>,</P><P>You have an explicit deny all rule (you can't see this this) at end of firewall. You need to add an allow all rule to allow all other traffic. The rules will be executed from top to bottom so traffic will be denied from a certain subnet to your corp network but allowed all other traffic out to internet.&nbsp;</P><P>Example:</P><P><STRONG><U><SPAN>GUEST WLAN SETUP:</SPAN></U></STRONG></P><P><SPAN>If guest WLAN is going to go through corp network you will have to configure ACL rule for same by going back to Configuration &gt;&gt; Security &gt;&gt; IP Firewall Rules &gt;&gt; Create a New ACL (example&nbsp; Guest_WLAN_ACL) &gt;&gt; Add following rules:</SPAN></P><P><SPAN>1 - Allow: Deny</SPAN></P><P><SPAN>Source: Network (IP of network subnet: Example 192.168.0.0/24)</SPAN></P><P><SPAN>Destination: Network (IP of corp network: Example 10.0.0.0/24)</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Christoph_S_0-1709127389826.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7016i88D150817D679ADE/image-size/medium?v=v2&amp;px=400" role="button" title="Christoph_S_0-1709127389826.png" alt="Christoph_S_0-1709127389826.png" /></span></P><P><SPAN>2 – Allow: Permit</SPAN></P><P><SPAN>Source: Network 192.168.0.0</SPAN></P><P><SPAN>Destination: Any</SPAN><SPAN>&nbsp;</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Christoph_S_1-1709127428968.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7017iF04478F9D8954392/image-size/medium?v=v2&amp;px=400" role="button" title="Christoph_S_1-1709127428968.png" alt="Christoph_S_1-1709127428968.png" /></span></P><P><SPAN>Create Guest WLAN &gt;&gt; go to Firewall &gt;&gt; IP Firewall Rules &gt;&gt; Inbound IP firewall .</SPAN></P><P><SPAN>&nbsp;</SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Christoph_S_2-1709127446641.png" style="width: 400px;"><img src="https://community.extremenetworks.com/t5/image/serverpage/image-id/7018i3A12C31242711F0C/image-size/medium?v=v2&amp;px=400" role="button" title="Christoph_S_2-1709127446641.png" alt="Christoph_S_2-1709127446641.png" /></span></P><P>In short, you'll need an allow all rule at the end of your firewall to allow all other traffic through.&nbsp;</P><P><SPAN>&nbsp;</SPAN>Best regards</P><P>&nbsp;</P> Wed, 28 Feb 2024 13:38:58 GMT https://community.extremenetworks.com/t5/extremewireless-wing/block-traffic-via-ssid-firewall/m-p/99457#M9395 Christoph_S 2024-02-28T13:38:58Z