VLAN Rules
-
So I have been having an issue trying to find the best way to set up firewall rules to stop my VLANs from talking to each other. Do I need to block all the VLANs individually as shown attached, or is there a simpler way of doing this? There are 2 VLANs that need access to the others, such as the Backup VLAN needing access to all the VLANs (VEEAM) and ActiveXperts for network monitoring. Thank you!!
-
@natethegreat21 create an alias with your subnets in that you want to block then do something like this:-
NB I have IPv4 & v6 on my vlans.
-
@nogbadthebad Okay, will do. Just wondering whether the way I set this up would work or not, please.
-
@natethegreat21 It would. The only issue would be that when you added another VLAN you'd need to apply another rule to each interface, rather than just adding the new subnet to the alias.
-
@nogbadthebad I see what you mean. Thank you so much!
-
@natethegreat21
Most on here just create an alias for all RFC1918 space.
That way you wouldn't even need to add a new subnet to the alias since it already covers all private IP addresses.
-
@natethegreat21 You can for sure block specific networks as you have done. But as mentioned, it's easier to just create an alias that either contains your specific networks, or just all the RFC1918 networks.
You could create an alias with your full prefix for your IPv6 space. The problem with dynamic IPv6 is that it could change, which is one of the reasons I prefer a tunnel from HE: I get a /48 to do with what I will and it doesn't change.
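Added example, not part of the thread and not pfSense code: a small first-match rule evaluator comparing the alias choices discussed in the replies, from the point of view of a host on an isolated VLAN. All subnets, the IPv6 prefix, the alias names and the destination addresses are constructed for illustration, and source matching is left out.

```python
import ipaddress

# Constructed addressing; none of these subnets or prefixes come from the thread.
V4_VLANS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
V6_PREFIX = ["2001:db8::/48"]  # documentation prefix standing in for a static /48

ALIASES = {
    "MY_VLANS": V4_VLANS,                   # only the subnets known today
    "RFC1918": RFC1918,                     # all private IPv4 space
    "RFC1918_AND_V6": RFC1918 + V6_PREFIX,  # private IPv4 plus the whole IPv6 prefix
}

def in_alias(dst, alias):
    ip = ipaddress.ip_address(dst)
    # An IPv4 network never contains an IPv6 address, and vice versa.
    return any(ip in ipaddress.ip_network(n) for n in ALIASES[alias])

def evaluate(rules, dst):
    """Top-down, first match wins; no match falls to the default deny."""
    for action, target in rules:
        if target == "any" or in_alias(dst, target):
            return action
    return "block"

def isolated(alias):
    # Isolated VLAN interface: block the alias first, then allow everything else.
    return [("block", alias), ("pass", "any")]

BACKUP = [("pass", "any")]  # the backup VLAN must reach every other VLAN

# Constructed destinations as seen from a host on an isolated VLAN.
TARGETS = {
    "existing_vlan": "192.168.20.15",
    "vlan_added_later": "192.168.40.15",  # subnet not listed in MY_VLANS
    "other_vlan_v6": "2001:db8:0:20::15",
    "internet": "1.1.1.1",
}

def matrix():
    return {(a, t): evaluate(isolated(a), d) for a in ALIASES for t, d in TARGETS.items()}

if __name__ == "__main__":
    for (alias, target), action in matrix().items():
        print(f"{alias:15} {target:17} {action}")
```

The hand-maintained alias lets traffic through to the VLAN added later until someone updates it, and an IPv4-only alias does nothing for IPv6 traffic between VLANs.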