NoneEng
New Contributor III

Communication Attempts Between WLANs and VLANs

Hello!


I have several WLANs in Tunnel traffic mode (FortiAPs) with their own DHCP configuration, using external DNS.

Additionally, I have VLANs that use our internal domain DNS/DHCP.


The issue is that devices on these WLANs are attempting to communicate with devices on the VLANs (and vice versa).

For example, logs related to Windows Delivery Optimization (TCP/7680) show this activity. Since there are no policies allowing communication between these networks, my logs are getting filled with 'implicit deny' entries:

[screenshot: implicit deny log entries for TCP/7680 between the WLAN and VLAN]

Same thing here:

[screenshot: further implicit deny log entries]


I could be mistaken, but since the tunnel is sending WLAN traffic directly to my FortiGate, and the only policy in place is for outbound to the WAN, devices on different networks shouldn't be able to see each other, correct?

Where might the misconfig be?


Thanks in advance.

5 REPLIES
AEK
SuperUser

Hello

It depends on usage and requirements.

E.g.: A guest VLAN/WLAN is not supposed to see Corp VLAN/WLAN.

But between two Corp VLANs/WLANs you may want to allow some communication between clients, like file sharing and so on.

AEK
NoneEng
New Contributor III

Hey @AEK


I understand, but the issue is that devices from a tunnel WLAN are "seeing" devices on a corporate VLAN.
Correct me if I'm wrong:
With the WLAN set to Tunnel traffic mode, it should isolate the WLAN from other networks, shouldn't it?
However, this isn't happening as expected, as there are attempts to communicate between them, as shown in the logs above.


AEK

Hello

The WLAN interface is like any other interface for the firewall, which means that if you don't have any firewall rule allowing traffic between the two networks, they can't see or access each other. And we can see in your logs that the firewall is blocking the traffic as expected.

In that case any attempt from a client to access the other network may have one of the following reasons:

  • Some user on the WLAN knows the other network and tries to access it
  • There was some application configured to access some resource on the other network, and it is still trying
  • A scan program, or possibly a malicious program, trying to scan the network

By monitoring the behavior you can understand which kind of case it is.

AEK
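Since the answer comes down to monitoring which of the three cases the implicit deny entries reflect, here is an added example (not from the thread, and not Fortinet's code) that groups constructed FortiGate traffic-log lines per source client and labels the pattern: one client hammering the same host and port (as Delivery Optimization on TCP/7680 would), one client fanning out across hosts, and one isolated attempt. Interface names, addresses, the log lines themselves and the fan-out threshold of three are assumptions.

```python
import re
from collections import defaultdict

# Constructed FortiGate traffic-log samples (not the screenshots from the thread).
# action="deny" with policyid=0 is the implicit deny policy the poster sees.
SAMPLE_LOGS = """\
date=2024-05-01 time=09:00:01 srcip=10.50.1.20 srcport=51000 srcintf="wlan-tunnel" dstip=10.10.0.15 dstport=7680 proto=6 action="deny" policyid=0 service="tcp/7680"
date=2024-05-01 time=09:00:31 srcip=10.50.1.20 srcport=51004 srcintf="wlan-tunnel" dstip=10.10.0.15 dstport=7680 proto=6 action="deny" policyid=0 service="tcp/7680"
date=2024-05-01 time=09:01:01 srcip=10.50.1.20 srcport=51009 srcintf="wlan-tunnel" dstip=10.10.0.15 dstport=7680 proto=6 action="deny" policyid=0 service="tcp/7680"
date=2024-05-01 time=09:02:10 srcip=10.50.1.77 srcport=40001 srcintf="wlan-tunnel" dstip=10.10.0.1 dstport=445 proto=6 action="deny" policyid=0 service="SMB"
date=2024-05-01 time=09:02:10 srcip=10.50.1.77 srcport=40002 srcintf="wlan-tunnel" dstip=10.10.0.2 dstport=445 proto=6 action="deny" policyid=0 service="SMB"
date=2024-05-01 time=09:02:11 srcip=10.50.1.77 srcport=40003 srcintf="wlan-tunnel" dstip=10.10.0.3 dstport=445 proto=6 action="deny" policyid=0 service="SMB"
date=2024-05-01 time=09:04:00 srcip=10.50.1.90 srcport=50500 srcintf="wlan-tunnel" dstip=10.10.0.15 dstport=445 proto=6 action="deny" policyid=0 service="SMB"
date=2024-05-01 time=09:05:00 srcip=10.10.0.40 srcport=60000 srcintf="vlan-corp" dstip=8.8.8.8 dstport=53 proto=17 action="accept" policyid=3 service="DNS"
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log_line(line: str) -> dict:
    """Split a FortiGate key=value log line into a dict, dropping quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def classify_sources(log_text: str, scan_threshold: int = 3) -> dict:
    """Group implicit denies per (srcintf, srcip) and label the pattern after
    the three cases in the reply: known host, retrying application, scan."""
    stats = defaultdict(lambda: {"hits": 0, "dsts": set(), "ports": set()})
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec.get("action") != "deny" or rec.get("policyid") != "0":
            continue  # only the implicit-deny entries matter here
        s = stats[(rec["srcintf"], rec["srcip"])]
        s["hits"] += 1
        s["dsts"].add(rec["dstip"])
        s["ports"].add(rec["dstport"])
    result = {}
    for key, s in stats.items():
        if len(s["dsts"]) >= scan_threshold or len(s["ports"]) >= scan_threshold:
            label = "scan-like"  # one client fanning out over hosts or ports
        elif s["hits"] > 1 and len(s["dsts"]) == 1 and len(s["ports"]) == 1:
            label = "retrying-application"  # same host and port, over and over
        else:
            label = "ad-hoc-access"  # one or a few attempts, e.g. a user trying a share
        result[key] = {"hits": s["hits"], "label": label,
                       "targets": sorted(s["dsts"]), "ports": sorted(s["ports"], key=int)}
    return result


if __name__ == "__main__":
    for (intf, ip), info in classify_sources(SAMPLE_LOGS).items():
        print(f"{intf} {ip}: {info['label']} ({info['hits']} denies) -> {info['targets']} ports {info['ports']}")
```

Fed a real export of the implicit deny entries instead of SAMPLE_LOGS, the per-source labels point at which clients to look at first: a retrying application is a configuration cleanup, while a scan-like source warrants a closer look at that device.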
NoneEng
New Contributor III

Alright. Just needed to confirm that. Thanks @AEK!
