Blocking inter-VLAN and full access to Internet
-
I have set up 20 VLANs. I would like to block inter-VLAN communication and have full access to the Internet for each VLAN.
Do I have to create rules like these?
subnet vlan 1 ==> any ==> pass
subnet vlan 1 <==> vlan2 ==> block
subnet vlan 1 <==> vlan3 ==> block
subnet vlan 1 <==> vlan4 ==> block
etc ..
subnet vlan 2 ==> any ==> pass
subnet vlan 2 <==> vlan1 ==> block
subnet vlan 2 <==> vlan3 ==> block
subnet vlan 2 <==> vlan4 ==> block
etc …
Is there a way to define fewer rules?
Best regards
-
I haven't tested it myself, but it should work just fine with an alias.
/F
-
1: Create an alias containing all your VLANs.
2: Create a single "allow" rule with
source: any
destination: !youralias (NOT your alias)
3: Repeat 2. on each VLAN interface.
Like this, traffic to the internet will be allowed, but traffic to your VLANs will be denied by the default block all rule.
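
The three steps above, modelled as an added example (not part of the original posts and not any firewall's own code). It assumes a constructed addressing plan of 10.0.n.0/24 for VLAN n, first-match rule evaluation on the ingress interface, and a default block; all names are hypothetical.

```python
import ipaddress

# Constructed addressing plan (assumption): VLAN n uses 10.0.n.0/24, n = 1..20.
VLANS = {f"vlan{n}": ipaddress.ip_network(f"10.0.{n}.0/24") for n in range(1, 21)}

# Step 1: one alias holding every VLAN subnet.
ALIAS = list(VLANS.values())


def in_alias(addr):
    """True when addr falls inside any subnet listed in the alias."""
    return any(addr in net for net in ALIAS)


# Steps 2 and 3: the same single rule on every VLAN interface:
# pass, source any, destination NOT alias.
RULES = {iface: [("pass", lambda dst: not in_alias(dst))] for iface in VLANS}


def evaluate(iface, dst):
    """First matching rule on the ingress interface wins; otherwise default block."""
    dst = ipaddress.ip_address(dst)
    for action, dst_matches in RULES[iface]:
        if dst_matches(dst):
            return action
    return "block"


def rule_counts():
    """(rules in the per-pair layout from the question, rules with the alias)."""
    n = len(VLANS)
    per_pair = n * (1 + (n - 1))  # per VLAN: 1 pass + a block for each other VLAN
    with_alias = sum(len(rules) for rules in RULES.values())
    return per_pair, with_alias


if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an Internet host.
    for iface, dst in [("vlan1", "203.0.113.10"),  # Internet
                       ("vlan1", "10.0.2.15"),     # another VLAN
                       ("vlan7", "10.0.7.1")]:     # address inside its own VLAN
        print(iface, "->", dst, ":", evaluate(iface, dst))
    print("rules per-pair vs alias:", rule_counts())
```

The last sample destination is inside the VLAN's own subnet, which is also in the alias, so in this model a service reached at such an address (for example DNS on the firewall's VLAN address) falls through to the default block unless a separate pass rule sits above the alias rule.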