Small Business Router Firewall Rules

robbykilian
Level 1

I have an RV120W small business router running the latest firmware. I created 2 VLANs, one for work and one for guest access. Problem is that I want to completely segment the traffic from the guest VLAN so that it cannot access anything on the work VLAN. I've tried setting the default outbound policy to block the traffic and even set a rule saying the range of addresses on the guest VLAN block any service to the work addresses. I want to make these firewall rules as secure as possible and essentially block everything, even on both VLANs, and then create my own 'white list'; however, no matter what rule I try to put in, it seems to do nothing. Everything is still talking like the firewall isn't even there...

 


Ismael Arroyo
Level 1

Robbykilian,

 

My name is Ismael. I am with the Small Business Support Team. From my understanding, you would like to prevent guest traffic from reaching your work VLAN. If your topology only includes the router (RV120W) with no managed switch, then no policy rules have to be put in place. The best thing to do is keep inter-VLAN routing disabled for your guest VLAN. This can be done under Networking>>>Vlan Membership. If both are disabled, then the two VLANs will not be able to communicate, but can still route to the internet.

 

If the topology includes a managed switch on layer 3 that is routing VLANs, then you would need ACLs within the switch alone. Hope this helps!

 

Hi there Ismael. Thanks for the quick response. So yes, I am just using the router in this topology. I thought about disabling inter-VLAN routing; however, there are actually a few ports I wanted to allow through to the private VLAN (such as DNS, HTTP). I'm really just trying to figure out how exactly the access rules work on the Small Business series routers. Basically what I've been doing is defining a series of blocked outbound rules for each protocol that includes the source as the range of addresses I have for the guest VLAN and the destination as the range of addresses for the private VLAN. This approach doesn't seem to be working. Am I going about this in completely the wrong way?

So I went ahead and disabled inter-VLAN routing on the guest VLAN but it's still routing traffic to the private VLAN!!! I've attached two screenshots. One is showing that I do in fact have inter-VLAN routing disabled on the guest VLAN and the other is showing a host on the Guest VLAN (the 172.16.20.0 subnet) being able to SSH to a host on the private VLAN (the 172.16.10.0 subnet).
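
A repeatable way to check the segmentation discussed in this thread, run from a host on the guest VLAN (an added example, not part of the original posts and not Cisco code). It assumes the intended policy is the one stated above (only DNS and HTTP may reach the private VLAN); the target address `172.16.10.10`, the port list, and the names `probe` and `audit` are constructed for illustration.

```python
import socket

# Intended guest -> private policy from the thread: only DNS and HTTP pass.
# This check is TCP-only; DNS over UDP/53 needs a separate resolver test.
ALLOWED_TCP = {53, 80}

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # Something answered with a reset: the packet was not silently dropped.
        return "refused"
    except OSError:
        # Timeout or unreachable: consistent with a drop at the router.
        return "filtered"

def audit(host, ports, allowed=ALLOWED_TCP, probe_fn=probe):
    """Return (port, state, verdict) for each port, judged against the policy."""
    results = []
    for port in ports:
        state = probe_fn(host, port)
        if port in allowed:
            verdict = "ok" if state == "open" else "allowed-but-unreachable"
        else:
            # 'open' or 'refused' both mean a reply came back, not a silent drop.
            verdict = "ok" if state == "filtered" else "leak"
        results.append((port, state, verdict))
    return results

if __name__ == "__main__":
    # Constructed address in the private subnet; replace with a real host.
    target = "172.16.10.10"
    for port, state, verdict in audit(target, [22, 53, 80, 443, 445]):
        print(f"{target}:{port:<5} {state:<9} {verdict}")
```

A `refused` result on a port that should be blocked is worth a packet capture on the private host: it shows whether the reset came from that host (traffic was routed between VLANs) or from a device in the path.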
