Simple question about traffic rules

If I set up a VLAN that belongs to firewall zone vlan (vlan - wan), do I need to set up traffic rules for that or not (same lan traffic rules), since that is a different interface? Thanks in advance.

There's no way to answer this without more information.

The zone's primary rules are very broad -- defining input, output, and forward. Then there are the basic forwarding rules (i.e. lan > wan, etc.). Sometimes there may be additional rules added such as port forwards or opening ports or restrictions.

If you assign a network to a zone and that zone already has the desired allow/deny rules, then you're done. If not, you may need to create more granular rules and/or assign the network to a different zone to allow more flexibility in the rules.

So, what are your desired allow/deny behaviors for that network? And what does your firewall look like now?


So I have 3 zones: the default 2 zones LAN, WAN, and my Vlan10 zone (Vlan10 -> wan), with the same default rules that the default LAN zone has. In the traffic rules tab there are the default rules too; I was just wondering if I need to create the same ones that the LAN has by default for my VLAN zone or not, just that. Thanks in advance.

It depends on your goals. Can you describe your desired security requirements with each network?

I just want to block SMB on my local network. I did for WAN, but I was just wondering if I need the same rules that I have for LAN to WAN in my VLAN zone (the same default rules, traffic rules, you know).

Just to confirm -- are you trying to block SMB between two or more devices on the same network, or between networks?

And is the 'SMB' you are referring to 'server message block' file sharing (also called Samba)?

In both. Yes, I want to block Samba.

You will be able to block SMB connections between two networks, but you cannot block it on the same network (at least not traditionally/easily).

If the traffic physically must flow through the router device (i.e. no other external switches or APs), you can try a bridge firewall, which might work for your needs.
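
An added example, not part of the thread: an OpenWrt `/etc/config/firewall` fragment that rejects SMB/NetBIOS leaving the VLAN zone toward `wan`. The zone name `vlan10` and the rule names are assumptions; the ports are the standard SMB (TCP 445, 139) and NetBIOS (UDP 137, 138) ports.

```conf
# /etc/config/firewall (fragment) - added example, not from the thread.
# Assumption: the VLAN zone is named 'vlan10' and forwards only to 'wan'.

# A traffic rule matches on its source zone, so an SMB block written
# with src 'lan' does not cover traffic that enters from 'vlan10'.
# The VLAN zone needs its own rules.

config rule
	option name 'Reject-SMB-vlan10-wan-tcp'
	option src 'vlan10'
	option dest 'wan'
	option proto 'tcp'
	option dest_port '139 445'
	option target 'REJECT'

config rule
	option name 'Reject-NetBIOS-vlan10-wan-udp'
	option src 'vlan10'
	option dest 'wan'
	option proto 'udp'
	option dest_port '137 138'
	option target 'REJECT'
```

These rules only see traffic the router forwards between zones; hosts inside the same VLAN that reach each other through a switch or AP never hit them, which is the limitation described in the last reply.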

