Restricted certain IP on the same interface

Forum|Forum|8 years ago
March 29, 2018
1 reply
5640 views

hi there,

I want to make certain host (based on IP) can't accessible from some IPs.

the purpose is, DHCP user can't access certain hosts on the same interface. the user only can use/connect public hosts (such as network printer).

already try to make :

- policy interface_1 to interface_1, from dhcp IP to IP public hosts.

- policy interface_1 to interface_1, from dhcp IP to certain IP, blocked.

- policy route, from dhcp IP to certain IP, blocked.

alll policy use subnet mask 255.255.255.0

those policies not work.

any advice would be grateful. thank you.

Best answer by dmcquade

Typically hosts on the same subnet can communicate freely with each other because the traffic does not need to be routed, hence they will not traverse the firewall. Probably best to segment the traffic by either using different interfaces or configuring the firewall interface as a trunk on the switch and add VLAN interfaces to it. You could also create a zone for both VLANs effectively giving all devices on both VLANs the same policy and block intra zone traffic in the zone config.

hth

d

dmcquadeAnswer

New Member

Typically hosts on the same subnet can communicate freely with each other because the traffic does not need to be routed, hence they will not traverse the firewall. Probably best to segment the traffic by either using different interfaces or configuring the firewall interface as a trunk on the switch and add VLAN interfaces to it. You could also create a zone for both VLANs effectively giving all devices on both VLANs the same policy and block intra zone traffic in the zone config.

hth

d

papapuffAuthor

New Member

Hi,

thanks for reply.

currently vlan and use different interface not an option for us. anyway thanks for sharing.

thank you

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded