New Member

SA520 VLAN firewall rules

Hello,

I am new to the Cisco SMB Pro line and am setting up a basic config for an office. I have an SA520, ESW-520, and some AP541Ns. I am setting up multiple VLANs for security reasons for both private wired devices and also for public internet served wirelessly.

I see the option to make a VLAN not routable between others and that works perfectly for the public wireless. However, when looking at the firewall rules, I don't see any way to create firewall rules between VLANs. If I set up a separate VLAN and want to only open a few ports, or only to a few devices on another VLAN, there does not seem to be a way to do this. You have to select a zone, and VLANs are not listed here, only LAN, WAN, and DMZ. Also, you cannot even select LAN to LAN and set the rule up by IP address.

I have to imagine that I am missing something, because this seems like a big omission. I am using the most recent firmware, version 1.1.65.

3 REPLIES
New Member

Re: SA520 VLAN firewall rules

You are correct. SA500 doesn't support vlan firewall rules.

One possible way to achieve the blocking objective for some hosts is to move those hosts to another vlan and disable the inter-vlan routing for that vlan.

The hosts on that vlan can still go to the Internet but cannot reach the other vlans.

The "Inter-vlan routing" option is under LAN>Available VLANs.

Richard

New Member

Re: SA520 VLAN firewall rules

Hi,

Is it possible to define a zone for each VLAN?

For example, in "DHCP Reserved IPs (LAN)" all VLANs are listed as VLANid. It would be great to have it in the firewall part.

Being able to apply rules between VLANs looks obvious to me; I do not understand why it is not possible here.

I am currently using the latest firmware, which is "1.1.65" now.

Is it possible to enable this possibility in the next firmware?

Do you know when the next one will be out?

Thank you.

Best regards,

Fabrice

PS: A trick over ssh would be a workaround, but ssh is also unavailable. (I do not know a trick.)

New Member

Re: SA520 VLAN firewall rules

Hi Fabrice,

Unfortunately, SA500 doesn't support the vlan firewall today.
