Block traffic via SSID firewall

ErickLeon
New Contributor

Hello, I have 2 wireless LANs:
corporate and visitors.
I need to block access to my server network when access is made on the guest LAN. Ex: lan 192.168.4.0/24
I created the rules and applied them as follows, but it blocks all access.


1 ACCEPTED SOLUTION

Christoph_S
Extreme Employee

Hello Erick,

Hello @ErickLeon,

You have an explicit deny all rule (you can't see this) at the end of the firewall. You need to add an allow all rule to allow all other traffic. The rules are executed from top to bottom, so traffic will be denied from a certain subnet to your corp network, but all other traffic will be allowed out to the internet.

Example:

GUEST WLAN SETUP:

If the guest WLAN is going to go through the corp network, you will have to configure an ACL rule for it by going back to Configuration >> Security >> IP Firewall Rules >> Create a New ACL (example Guest_WLAN_ACL) >> Add the following rules:

1 - Allow: Deny

Source: Network (IP of network subnet: Example 192.168.0.0/24)

Destination: Network (IP of corp network: Example 10.0.0.0/24)


2 – Allow: Permit

Source: Network 192.168.0.0

Destination: Any 


Create Guest WLAN >> go to Firewall >> IP Firewall Rules >> Inbound IP firewall.


In short, you'll need an allow all rule at the end of your firewall to allow all other traffic through. 

 Best regards

 

Christoph S.
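
The top-to-bottom evaluation and the hidden deny-all described in the answer above can be modelled in a few lines. This is an added example, not part of the original post and not Extreme's implementation: it is a simplified model that matches on source and destination address only, the /24 mask on rule 2 is an assumption, and the host addresses are constructed sample values.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    action: str  # "deny" or "permit"
    src: str     # CIDR string, or "any"
    dst: str     # CIDR string, or "any"


def matches(cidr, addr):
    """True when addr falls inside cidr ("any" matches everything)."""
    return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)


def evaluate(acl, src, dst):
    """First matching rule wins; unmatched traffic hits the hidden deny-all."""
    for rule in acl:
        if matches(rule.src, src) and matches(rule.dst, dst):
            return rule.action
    return "deny"  # implicit deny at the end of every ACL


GUEST = "192.168.0.0/24"  # example guest subnet from the answer
CORP = "10.0.0.0/24"      # example corp subnet from the answer

# Constructed sample hosts (203.0.113.0/24 is a documentation range).
CLIENT = "192.168.0.50"
CORP_HOST = "10.0.0.10"
INTERNET_HOST = "203.0.113.7"

# Only the block rule: everything else falls through to the implicit deny,
# which is the "blocks all access" symptom from the question.
deny_only = [Rule("deny", GUEST, CORP)]

# Rules 1 and 2 from the answer: block corp, then permit everything else.
fixed = [Rule("deny", GUEST, CORP), Rule("permit", GUEST, "any")]

# Same rules in the wrong order: the permit matches first and shadows the
# deny, so the guest client reaches the corp network.
misordered = [Rule("permit", GUEST, "any"), Rule("deny", GUEST, CORP)]


def report(acl):
    """Verdict for the sample guest client towards corp and the internet."""
    return {dst: evaluate(acl, CLIENT, dst) for dst in (CORP_HOST, INTERNET_HOST)}


if __name__ == "__main__":
    for name, acl in (("deny_only", deny_only), ("fixed", fixed), ("misordered", misordered)):
        print(name, report(acl))
```

After changing an ACL like this, test both directions of the policy from a guest client: the corp subnet must be unreachable and the internet reachable.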
