0 votes
81 views 1 comments
by anonymous
I have two private subnets, each with a TRB140 gateway. They are connected together via the OpenVPN connection via the Germany OpenVPN server.

On one subnet is a PC running 2 Virtual Machines. One is a Win Server 2022 running a DNS server. The other VM is a CentOS 7 Linux running a web-based management console.

The other subnet is a PC running software managed by the web-based management console in the other subnet.

Both subnets still have internet access, but I need to lock these subnets down so that they communicate with each other but have no internet access at all. Would the TRB140s be capable of configuring this option, or would it have to be done via the Windows firewall?

1 Answer

0 votes
by anonymous

Hello,

You can use a firewall on TRB140 to restrict internet access.

When you configure OpenVPN, there should be another firewall zone added. So, there should be LAN, WAN, and OpenVPN firewall zones in Network -> Firewall -> General. Also, a firewall traffic rule in Network -> Firewall -> Traffic rules is automatically created when you configure OpenVPN. This rule serves the purpose of opening a port from the WAN side to the OpenVPN instance, enabling the establishment of the VPN connection.

By default, all traffic from LAN is allowed to WAN. What you can do is block all traffic from LAN -> WAN. To do this, edit LAN => WAN zone and remove 'wan' from 'allow forward to destination zones'. This will drop all packets going from LAN to WAN. Then, you can manually add traffic rules to allow only necessary traffic from LAN to WAN. You can find more information about traffic rules here.

You can leave the WAN and OpenVPN zones as they are.

Kind Regards,

Andzej

by anonymous
Thank you Andzej I will give that a try.

Andrew
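
The answer above removes 'wan' from the LAN zone's allowed forward destinations. The following is an added example, not part of the original thread and not Teltonika's code: a shell check that reads an OpenWrt-style UCI firewall file and confirms no lan -> wan forwarding remains. It assumes the TRB140 keeps its firewall in that format (on OpenWrt the file is `/etc/config/firewall`); the function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a UCI-style firewall file for a leftover lan -> wan forwarding.
# Assumption: OpenWrt-style semantics, where inter-zone traffic is allowed by
# "config forwarding" sections and otherwise falls to the defaults "forward" policy.
# Not covered: individual "config rule" traffic rules, which can still open lan -> wan.

unq='function unq(s) { gsub(/[\047"]/, "", s); return s }'   # awk helper: strip UCI quotes

# forward_dests FILE ZONE: print each zone that ZONE is allowed to forward to.
forward_dests() {
    awk -v zone="$2" "$unq"'
        function emit() { if (sect == "forwarding" && src == zone && dest != "") print dest }
        $1 == "config" { emit(); sect = unq($2); src = ""; dest = "" }
        $1 == "option" && $2 == "src"  { src  = unq($3) }
        $1 == "option" && $2 == "dest" { dest = unq($3) }
        END { emit() }' "$1"
}

# default_forward FILE: print the global forward policy from "config defaults".
default_forward() {
    awk "$unq"'
        $1 == "config" { sect = unq($2) }
        sect == "defaults" && $1 == "option" && $2 == "forward" { print unq($3) }' "$1"
}

# lan_locked_down FILE: succeed only if lan has no forwarding to wan and the
# global forward policy is not ACCEPT.
lan_locked_down() {
    if forward_dests "$1" lan | grep -qx 'wan'; then return 1; fi
    if [ "$(default_forward "$1")" = "ACCEPT" ]; then return 1; fi
    return 0
}

# make_sample FILE DEST...: write a constructed config in which lan forwards to each DEST.
make_sample() {
    f=$1; shift
    printf "config defaults\n\toption forward 'REJECT'\n\n" > "$f"
    printf "config forwarding\n\toption src 'openvpn'\n\toption dest 'lan'\n\n" >> "$f"
    for d in "$@"; do
        printf "config forwarding\n\toption src 'lan'\n\toption dest '%s'\n\n" "$d" >> "$f"
    done
}

tmp=$(mktemp -d)
make_sample "$tmp/before" wan openvpn   # default-like state: lan may reach wan
make_sample "$tmp/after" openvpn        # after removing 'wan' from the lan zone
for f in before after; do
    if lan_locked_down "$tmp/$f"; then echo "$f: lan cannot forward to wan"
    else echo "$f: lan -> wan forwarding still allowed"; fi
done
```

On a device that uses this format, `lan_locked_down /etc/config/firewall` gives the same pass/fail result for the live configuration.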