VLAN: simultaneous ping bypasses firewall rule??
-
Hi,
I'm having problems with firewall rules between VLANs. I have the below setup on my test lab:

LAN      192.168.13.0/24
VLAN213  192.168.213.0/24
VLAN223  192.168.223.0/24

From VLAN213 I blocked access to LAN and to VLAN223:

action  proto     source  port  destination           port  gateway
block   IPv4 TCP  *       *     This Firewall (self)  443   *
block   IPv4 *    *       *     192.168.13.0/24       *     *
block   IPv4 *    *       *     192.168.223.0/24      *     *
allow   IPv4 *    *       *     *                     *     *

If I ping from VLAN213 to an address on LAN or VLAN223 it is timing out, for example:
ping from 192.168.213.101 to 192.168.223.150 is not working, BUT
if at the same time I run ping from the PC with IP 192.168.223.150 to 192.168.213.101, I start receiving ping results also from the client in VLAN213 that was giving the timeout error.

Is it normal?
Thank you.
-
@fellymar Normal? But yeah, that can happen, because you created an allow state when you started the reverse ping. "Kind of" how STUN access works...
You create a connection in one direction to allow traffic from the other direction.
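To make the mechanism in the reply concrete, here is a small simulation of a stateful packet filter applied to the poster's lab. It is an added example, not pfSense or pf code: the rules are evaluated first-match per ingress interface, a pass rule creates a state, and the state table is consulted before the rules. The model keys ICMP states on the address pair and the echo identifier in both directions and does not distinguish an echo request from an echo reply once a state exists; that simplification, the assumption that both hosts' ping tools use the same identifier, and the absence of any rule on the VLAN223 side other than "pass any" are assumptions of the example, not facts from the thread. The TCP rule to the firewall itself is left out because only ICMP is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """ICMP echo packet as seen by the filter (constructed sample input)."""
    iface: str        # ingress interface
    src: str
    dst: str
    icmp_type: str    # "echo-request" or "echo-reply"
    icmp_id: int      # echo identifier; the model keys ICMP states on it


@dataclass(frozen=True)
class Rule:
    """One inbound rule: 'block' or 'pass', with optional CIDR source/destination."""
    action: str
    src: Optional[str] = None   # None means any
    dst: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        def in_net(addr: str, net: Optional[str]) -> bool:
            return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return in_net(pkt.src, self.src) and in_net(pkt.dst, self.dst)


class StatefulFilter:
    """First-match rules per ingress interface; pass rules create state, and the
    state table is consulted before the rules. Simplified model, not pf itself."""

    def __init__(self, rulesets: dict[str, list[Rule]]) -> None:
        self.rulesets = rulesets
        self.states: set[tuple] = set()

    @staticmethod
    def _state_key(pkt: Packet) -> tuple:
        # Assumption of the model: one entry covers both directions between the
        # two hosts for a given ICMP id, with no request/reply distinction.
        return (frozenset((pkt.src, pkt.dst)), "icmp", pkt.icmp_id)

    def filter(self, pkt: Packet) -> str:
        key = self._state_key(pkt)
        if key in self.states:
            return "pass (existing state)"
        for rule in self.rulesets.get(pkt.iface, []):
            if rule.matches(pkt):
                if rule.action == "pass":
                    self.states.add(key)    # "keep state" behaviour of a pass rule
                return rule.action
        return "block"                      # implicit default deny


def lab_scenario(block_on_vlan223: bool = False) -> dict[str, str]:
    """Replay the poster's test. With block_on_vlan223=True a matching block rule
    is added on the VLAN223 side (hypothetical fix), so no state is ever created."""
    vlan213_rules = [
        Rule("block", dst="192.168.13.0/24"),
        Rule("block", dst="192.168.223.0/24"),
        Rule("pass"),
    ]
    vlan223_rules = ([Rule("block", dst="192.168.213.0/24")] if block_on_vlan223 else []) + [Rule("pass")]
    fw = StatefulFilter({"VLAN213": vlan213_rules, "VLAN223": vlan223_rules})

    a, b = "192.168.213.101", "192.168.223.150"
    results = {}
    # 1. Ping from the VLAN213 host with no state present: hits the block rule.
    results["213->223 before reverse ping"] = fw.filter(Packet("VLAN213", a, b, "echo-request", 1))
    # 2. Reverse ping from the VLAN223 host (same echo id by assumption): creates a state.
    results["223->213 echo-request"] = fw.filter(Packet("VLAN223", b, a, "echo-request", 1))
    # 3. The VLAN213 host's reply matches that state instead of the block rule.
    results["213->223 echo-reply"] = fw.filter(Packet("VLAN213", a, b, "echo-reply", 1))
    # 4. Its own echo requests with the same id now match the state too.
    results["213->223 echo-request, same id"] = fw.filter(Packet("VLAN213", a, b, "echo-request", 1))
    # 5. A request with a different id has no state and is still blocked.
    results["213->223 echo-request, other id"] = fw.filter(Packet("VLAN213", a, b, "echo-request", 2))
    return results


if __name__ == "__main__":
    for label, outcome in lab_scenario().items():
        print(f"{label:40s} {outcome}")
    print("--- with a block rule on the VLAN223 side as well ---")
    for label, outcome in lab_scenario(block_on_vlan223=True).items():
        print(f"{label:40s} {outcome}")
```

The second run shows the practical takeaway: a block rule on only one interface stops that side from initiating, but anything the other side is allowed to initiate creates a state that both sides can use for the life of that state. If both directions must stay isolated, block on both ingress interfaces (or in a floating rule covering both), and confirm by inspecting the state table while the reverse ping is running.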