Apply a firewall rule for user
-
Dear All,
why there isn't an option to apply a spastic rule for 1 user or group users in the source ?? because I'm facing a problem after applying the Captive Portal BLOCKED all the traffic for my LAN network also Captive Portal override the Firewall Rules.
My scenario that I want to allow some users in my LAN to access the internet with Qos or bandwidth limit on the other hand the Captive Portal can limit the bandwidth BUT it will for all the LAN devices.
Kindly need some recommendation -
@mohkhalifa said in Apply a firewall rule for user:
why there isn't an option to apply a spastic rule for 1 user
A specific rule?
You just need to limit some users on LAN but leave other users unrestricted?
You can do that using Limiters as long as you can defined a firewall rule to match them. That probably means you need to use static IPs or dhcp leases.Steve
-
@stephenw10 Also the VPN can not access my LAN Network. So, my solution till now after applying the Captive Portal is to bypass the unauthenticated with adding some IP addresses and creat a separate firewall for them. Is it the right way ?
-
Do you need the captive portal or are you just using it to get bandwidth limiting? You can just use the Limiters it uses directly without having to bother with the captive portal at all.
-
@stephenw10 I need CP and the problem that if CP enabled, all the firewall rules not working, which means the CP override the fw rules. !!!!
-
The captive portal works at layer 2, so yes it will always block traffic that has not been allowed not matter what the layer 3 firewall rules show.
If you need clients to not have to use the portal add them to the pass lists in the captive portal setup.
Steve
-
@stephenw10 the captive portal on my LAN network which means i will add many IPs and subnets and I must configure a rules for them all in the firewall. that's right ?
-
If you want them to pass the CP without logging in they need to added to the pass lists there.
They will then be subjected to firewall rules on LAN like all the traffic.Steve
-
Thanks dear for your kind reply :)
