0 votes
289 views 2 comments
by anonymous

Hello,

Currently I am configuring a RUT950 to be used for site internet access; as such, I have set this system up as follows:

Port 01 ==> 192.168.1.1/30 

Port 02 ==> 172.16.0./30

Port 03 ==> Disabled

Port 04 (WAN) ==> Disabled

I also have one VLAN for Port 02.

The firewall settings under custom settings restrict inter-VLAN communications.

What I am unable to achieve at present is restricting WebUI access to Port 01 only, as Port 02 will be used for Internet access by any device connected to it, and I do not want Port 02 to have WebUI access.

Would you help?

Regards

1 Answer

+1 vote
by anonymous

Hello,

The workflow in your case would be to first create a separate firewall zone for your VLAN on port 2, if you have not already, and then create a traffic rule preventing device access on HTTP, HTTPS, SSH ports.

In the WebUI, navigate to Network -> Firewall -> General settings. Add a new firewall zone, attach the VLAN interface in the Covered networks option and allow forwarding to WAN.

Make sure your VLAN interface is attached to this firewall zone in Network -> Interfaces by editing the VLAN interface settings and switching to the Firewall settings tab.

Create a new traffic rule rejecting connections to the device originating from the VLAN firewall zone in Network -> Firewall -> Traffic rules. Scroll to the bottom of the page and add a new instance of the Open ports on router type. Configure the following:

  • Source zone: <Your_VLAN_firewall_zone>
  • Destination zone: Device (input)
  • Destination port: 80, 443, 22 (unless you have replaced default values in System -> Administration -> Access control)
  • Action: Reject

This should prevent device access on VLAN associated with port 2.

Best regards,

Best answer
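
A quick check for the rule described in the answer above, run from a client plugged into each port. This is an added example, not part of the original answer or Teltonika's tooling; it assumes the default ports 80, 443 and 22 named in the answer and that Reject answers TCP with a reset (as on stock OpenWrt), and the router address is supplied by the user.

```python
"""Verify management-port exposure from a client on one router port."""
import argparse
import socket

MGMT_PORTS = (80, 443, 22)  # HTTP, HTTPS, SSH defaults from the answer


def probe(host, port, timeout=2.0):
    """Return 'open', 'rejected' (TCP reset) or 'filtered' (no usable reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "rejected"   # what a Reject rule is assumed to produce
    except OSError:
        return "filtered"   # timeout or unreachable, e.g. a Drop rule


def audit(host, expect_blocked, ports=MGMT_PORTS, timeout=2.0):
    """Probe each port; list the ports whose state contradicts the expectation."""
    results = {p: probe(host, p, timeout) for p in ports}
    if expect_blocked:
        failures = [p for p, state in results.items() if state == "open"]
    else:
        failures = [p for p, state in results.items() if state != "open"]
    return results, failures


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description=__doc__)
    ap.add_argument("router_ip", help="router address on the port under test")
    ap.add_argument("--side", choices=("vlan", "mgmt"), required=True,
                    help="vlan: expect blocked; mgmt: expect reachable")
    args = ap.parse_args()
    results, failures = audit(args.router_ip, expect_blocked=(args.side == "vlan"))
    for port, state in results.items():
        print(f"{args.router_ip}:{port} {state}")
    if failures:
        raise SystemExit(f"unexpected state on ports: {failures}")
    print("OK")
```

Run it with `--side vlan` from a device on port 2 and with `--side mgmt` from a device on port 1, so that both the block and continued management access are confirmed.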
by anonymous
Hello,

Many thanks for the quick response. I will have to check your solution over the weekend and advise back.

Once again many thanks.
by anonymous
Hello Again,

Just to say many thanks for the above; it all worked as intended. Thank you so much.

Regards

T