0 votes
451 views 3 comments
by anonymous
Hello,

I have a RUTX09 connected to the internet, of course through WAN, and a failover 4G.

I also have a few things connected on LAN and I have a few VLANs.

For example, I use 192.168.77.1 for my office clients.

I use 192.168.33.1 for my home clients.

How can I set up the device so that the VLAN on 192.168.33.1 can only reach the internet and back? I don't want people connected on that VLAN to reach the clients in the office, etc.

If any further info is needed, let me know.

BR,

Tansu

1 Answer

0 votes
by anonymous

Hi,

To avoid communication between the hosts from different LAN networks, you will have to enable a firewall zone for each LAN interface configured on your router. Right now, you probably have all the LAN interfaces covered by the same firewall zone (LAN).

To change this default configuration, please log in to your WebUI and follow this path: Network > Firewall > General Settings > Zones. Then, click on the pencil icon to edit the "LAN => WAN" Zones Forwarding. A new window will appear; look for the covered networks field and select only one of the LAN interfaces associated with your VLAN/network. For simplicity, I will assume you will choose the home client LAN. To finish, save the configuration.

The next step is to create a new Zone Forwarding for your other LAN network. Add a new LAN "LAN_2" zone and choose to accept all three policies (Input, Output, Forward). Then, select your office client LAN inside the covered networks field, add your WAN zone to allow forward to destination zones, and save the changes.

Now, click to edit the WAN Zone forwardings; in "INTER-ZONE FORWARDING," add your "LAN_2" to the field "Allow forward from source zones" and click on "Save & Apply."

To finish, verify that the hosts from different LAN networks don't reach each other and that you have internet access on both networks.

I hope this information helps to solve your query. I will keep an eye on your comments.

Regards.

Best answer
by anonymous

Hello,

Thank you for the comment, but I'm still stuck.

VLAN33 is the one I want to isolate; it is the private network.

In the zone LAN > WAN I deleted the VLAN33 in covered networks.

I made a new zone and added the VLAN33 and allow forward to destination zones WAN.

But in allow forward from source I'm not seeing the VLAN33.

What am I doing wrong?

BR,

Tansu

by anonymous

Hi,

Below I will drop some image URLs for you to compare with your Firewall Zone Forwarding entries.

Zone Forwardings:

https://community.teltonika-networks.com/?qa=blob&qa_blobid=9527068876415089946

Zone LAN (default VLAN 1):

https://community.teltonika-networks.com/?qa=blob&qa_blobid=14764777578746732650

Zone LAN33 (VLAN 33):

https://community.teltonika-networks.com/?qa=blob&qa_blobid=8721137593860615015

Zone WAN (Here, you will add the LAN33 zone to the "Allow forward from source zones" field):

https://community.teltonika-networks.com/?qa=blob&qa_blobid=1967837460177115014

I hope it is clear now. I will keep an eye on your comments.

Regards.

by anonymous
Hi,

Thank you, I did this and added traffic rules to reject if one LAN attempts to reach another LAN, and it works fine!
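
As an added example (not code from the thread or from Teltonika), the sketch below audits the zone layout described in the answer: it parses a firewall config and lists which networks can open connections to which others. It assumes the router stores its firewall in OpenWrt-style UCI syntax with OpenWrt zone semantics; the zone and network names (`lan`, `lan33`, `vlan33`, `wan`) and both sample configs are constructed, and traffic rules are not evaluated.

```python
from itertools import permutations

# Constructed sample (assumption: OpenWrt-style UCI firewall syntax; names illustrative).
AFTER = """
config defaults
    option forward 'REJECT'
config zone
    option name 'lan'
    list network 'lan'
    option forward 'ACCEPT'
config zone
    option name 'lan33'
    list network 'vlan33'
config zone
    option name 'wan'
    list network 'wan'
config forwarding
    option src 'lan'
    option dest 'wan'
config forwarding
    option src 'lan33'
    option dest 'wan'
"""
BEFORE = AFTER.replace("config zone\n    option name 'lan33'\n", "")  # vlan33 joins zone 'lan'

def parse(text):
    sections = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0] == "config":
            sections.append((parts[1], {}))
        elif len(parts) == 3 and parts[0] == "option" and sections:
            sections[-1][1][parts[1]] = parts[2].strip("'\"")
        elif len(parts) == 3 and parts[0] == "list" and sections:
            sections[-1][1].setdefault(parts[1], []).append(parts[2].strip("'\""))
    return sections

def reachable(text):
    """Ordered (src_net, dst_net) pairs allowed by zone policy alone; traffic rules are ignored."""
    secs = parse(text)
    default = next((o.get("forward") for t, o in secs if t == "defaults"), None)
    zones = {o["name"]: o for t, o in secs if t == "zone"}
    fwd = {(o["src"], o["dest"]) for t, o in secs if t == "forwarding"}
    zone_of = {n: z for z, o in zones.items() for n in o.get("network", [])}
    def ok(za, zb):  # same zone: its own forward policy; else forwarding or global default
        if za == zb:
            return zones[za].get("forward") == "ACCEPT"
        return (za, zb) in fwd or default == "ACCEPT"
    return {(a, b) for a, b in permutations(zone_of, 2) if ok(zone_of[a], zone_of[b])}
```

With both networks in one zone (`BEFORE`), `vlan33` and `lan` reach each other; after the split they only reach `wan`, provided the global default forward policy is not ACCEPT.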