Netgate Discussion Forum

    OPT Interface 4 in Watchguard 500

      fastcon68

      I have set up all of my interfaces in my 500x.  I would like to take opt 4, which is a separate VLAN with its own DHCP server, and block all other interfaces from it with the exception of the Internet.  I looked in the forum and can't find any examples of this type of configuration.  Ultimately I would like to build a limited VPN tunnel from home to work on this isolated interface and be able to connect but have no access from any other subnet or VLAN that is set up on my 500x.

      RC

        stephenw10 Netgate Administrator

        I have something similar set up for my wifi interface.
        Devices connected to wifi can only access the internet and not any internal subnets.
        First I set an alias, I called it LOCAL as 192.168.0.0/16.
        That covers all the IPs I'm using internally, you may have something different.
        Then I set a firewall rule on the wifi interface:
        Allow-tcp/udp-source: wifi subnet-destination:!LOCAL
        Then another:
        Allow-tcp/udp-source: wifi subnet-destination:Wifi Interface-port 53
        This allows local DNS forwarding.

        By default everything else is blocked.

        This doesn't stop other interfaces accessing devices on wifi though.

        Steve
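
Added example (not part of either post, and not pfSense code): a small Python model of the two pass rules described above, evaluated first-match with a default block, plus a check that the LOCAL alias really covers every internal subnet. The interface addresses, sample flows and function names are assumptions made for illustration.

```python
import ipaddress as ip

# Addresses below are constructed for illustration; substitute your own.
ISO_NET = ip.ip_network("192.168.40.0/24")    # isolated interface subnet (assumed)
ISO_ADDR = ip.ip_network("192.168.40.1/32")   # firewall address on that interface (assumed)
LOCAL = [ip.ip_network("192.168.0.0/16")]     # the LOCAL alias from the post

def build_rules(alias):
    """The two pass rules from the post, in order: (protos, src, dst nets, negate dst, port)."""
    return [
        ({"tcp", "udp"}, ISO_NET, alias, True, None),      # destination: !LOCAL
        ({"tcp", "udp"}, ISO_NET, [ISO_ADDR], False, 53),  # DNS to the firewall itself
    ]

def allowed(rules, proto, src, dst, port):
    """First matching rule passes the packet; anything unmatched hits the default block."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for protos, src_net, dst_nets, negate, rule_port in rules:
        in_dst = any(dst in n for n in dst_nets)
        if (proto in protos and src in src_net and in_dst != negate
                and rule_port in (None, port)):
            return True
    return False

def uncovered(internal_nets, alias):
    """Internal subnets outside the alias: the '!alias' rule still passes traffic to them."""
    nets = [ip.ip_network(n) for n in internal_nets]
    return [str(n) for n in nets if not any(n.subnet_of(a) for a in alias)]

if __name__ == "__main__":
    rules = build_rules(LOCAL)
    flows = [  # constructed sample flows arriving on the isolated interface
        ("tcp", "192.168.40.50", "203.0.113.10", 443),   # Internet
        ("tcp", "192.168.40.50", "192.168.1.20", 445),   # another internal subnet
        ("udp", "192.168.40.50", "192.168.40.1", 53),    # DNS forwarder
        ("tcp", "192.168.40.50", "192.168.40.1", 443),   # firewall web GUI
        ("icmp", "192.168.40.50", "203.0.113.10", 0),    # not tcp/udp
        ("tcp", "192.168.40.50", "10.0.5.20", 445),      # internal net outside the alias
    ]
    for f in flows:
        print(f, "pass" if allowed(rules, *f) else "block")
    print("not covered by LOCAL:", uncovered(["192.168.1.0/24", "10.0.5.0/24"], LOCAL))
```

The model only covers traffic entering on the isolated interface; traffic initiated from other interfaces toward it is governed by the rules on those interfaces.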

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.