CP and LAN accessible once authenticated
- 
 Hello, 
 there's something wrong with my setup, once users are authenticated via the CP listening on GUESTS interface they can access resources on LAN side.I have 3 NICs (LAN,GUESTS,WAN), on GUESTS side I have the attached rules. No rules on LAN except default anti-lockout rule. On a remote machine on LAN subnet I can see traffic from pfSense LAN address instead of GUESTS clients IP addresses, so any firewall rule I apply to GUESTS subnet is ignored and traffic not being blocked. 
 Is this expected?thank you B. edit: I'm on 2.0RC3 
  
 
- 
 Do you have any nat rules on the GUEST or LAN interface? 
- 
 i have a single TCP port forward from WAN to a GUESTS host, but no NAT rules on LAN/GUESTS and AONAutomatic Outbound NAT is active
- 
 well, I have transparent proxy enabled too, to log and report CP traffic. 
 if I turn it off I can no longer access LAN devices, so it's because of it.
 is there a rule to avoid this? or maybe I should post this question to a more appropriate section?thanks 
- 
 YEah its not for CP. 
 Though you can stop this through floating rules with direction out and source pfsense itself.
 Or on the proxy just block the LAN sites.
- 
 or even use "Bypass proxy for these destination IPs" and block whole LAN subnet via normal firewall rules. thanks for the support