If you have only one LAN on your Firewalla Gold and want to stop one device from talking to the other devices on that LAN, Rules alone will not do it: traffic between two devices on the same LAN is switched locally and never passes through the Firewalla, so there is nothing for a rule to act on.
With Gold, however, you can put a separate network on each of its three physical ports, or use Virtual LANs (VLANs), so that traffic between the segments is routed through the Firewalla. Rules can then control what is allowed to cross from one network to another.
Option 1: Use a different port on Firewalla Gold and create a new LAN
In your Firewalla Gold's Network Manager, create a separate LAN on a port other than the one used by your main network.
Then connect the device(s) to the separate LAN, either by wiring the device directly to the segmented port or wirelessly through an Access Point connected to that port.
Finally, on the separate LAN, add a rule to BLOCK traffic From and To Local Networks. See this guide for more details.
For example:
- Port 1 could be a network for personal devices on 192.168.0.1/24
- Port 2 could be a network for IoT devices on 192.168.2.1/24, with the rule to BLOCK traffic From and To Local Networks.
Then you could add a rule allowing an iPad at 192.168.0.14 to reach an Apple TV at 192.168.2.22. Because a rule applied to a single device takes precedence over a rule applied to a whole network, that one flow is permitted while every other device remains blocked.
See our Network Segmentation article for more information.
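The following script is an example added to this article, not Firewalla software or its API. It models the two-LAN setup above (Port 1 personal, Port 2 IoT) to show two things the text states: flows between devices on the same LAN never reach the router, so no Rule can touch them, and a device-level Allow for the iPad punches through the network-level Block on the IoT LAN. The `Rule` shape, the precedence model (device rule beats network rule; block wins a tie), the default-allow for routed traffic and all helper names are assumptions made for the illustration.

```python
"""Model of the two-LAN example: which local flows the Firewalla can see and
enforce, and how a device-level Allow overrides a network-level Block.
Example code added to the article, not Firewalla's software or API; the Rule
shape, the precedence model and all names here are assumptions."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional

# Constructed topology matching the article: one LAN per physical port.
NETWORKS: Dict[str, IPv4Network] = {
    "personal": ip_network("192.168.0.0/24"),  # Port 1, gateway 192.168.0.1
    "iot": ip_network("192.168.2.0/24"),       # Port 2, gateway 192.168.2.1
}


@dataclass(frozen=True)
class Rule:
    scope: str    # network name the rule is applied to, or a single device IP
    action: str   # "allow" or "block"
    target: str   # "local" = all local networks, or a destination IP

    @property
    def precedence(self) -> int:
        # Assumed precedence: a rule on a single device beats a rule on a network.
        return 2 if self.scope not in NETWORKS else 1

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        if self.scope in NETWORKS:
            net = NETWORKS[self.scope]
            # "From and To Local Networks": the rule covers both directions.
            return self.target == "local" and (src in net or dst in net)
        # Device rule: matches new connections from that device to the target only.
        return src == ip_address(self.scope) and dst == ip_address(self.target)


# The article's rules: block IoT <-> other LANs, but let the iPad reach the Apple TV.
RULES: List[Rule] = [
    Rule(scope="iot", action="block", target="local"),
    Rule(scope="192.168.0.14", action="allow", target="192.168.2.22"),
]


def network_of(addr: IPv4Address) -> Optional[str]:
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return None


def evaluate(src: str, dst: str, rules: List[Rule] = RULES) -> str:
    """Decide what happens to a new connection src -> dst.

    Returns "allow", "block", "unenforceable" (same LAN: the traffic is
    switched locally and never reaches the router) or "not-local".
    """
    s, d = ip_address(src), ip_address(dst)
    src_net, dst_net = network_of(s), network_of(d)
    if src_net is None or dst_net is None:
        return "not-local"          # internet-bound; outside this article's scope
    if src_net == dst_net:
        return "unenforceable"      # why a single flat LAN cannot be isolated by Rules
    hits = [r for r in rules if r.matches(s, d)]
    if not hits:
        return "allow"              # assumed default: routed traffic between LANs passes
    best = max(r.precedence for r in hits)
    top = [r for r in hits if r.precedence == best]
    # Assumed tie-break at equal precedence: a block wins over an allow.
    return "block" if any(r.action == "block" for r in top) else "allow"


def discoverable_from(scanner: str, hosts: List[str]) -> List[str]:
    """Hosts a scan launched from `scanner` would still find under this policy."""
    return [h for h in hosts if evaluate(scanner, h) in ("allow", "unenforceable")]


if __name__ == "__main__":
    for flow in [("192.168.0.14", "192.168.2.22"), ("192.168.0.15", "192.168.2.22"),
                 ("192.168.2.22", "192.168.0.14"), ("192.168.2.22", "192.168.2.30")]:
        print(f"{flow[0]} -> {flow[1]}: {evaluate(*flow)}")
```

Note that `discoverable_from` still lists every host on the scanner's own LAN: a scan from a device on the personal network finds all other personal devices regardless of the rules, because that traffic never crosses the Firewalla. Only hosts on the other port are filtered, and only the iPad's single allowed destination shows up there.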
Option 2: Use VLAN
You can also create VLANs, which allow more than the three networks the Gold's physical ports provide. This option is more complex, however, and requires a managed switch. See also Working from Home, Better, Smarter & Secure.
Option 3: Use the Firewalla AP7
With the Firewalla AP7 you get finer control over your LAN: features such as VqLAN and Device Isolation let you isolate devices and block local traffic without putting them on separate networks. Learn more about microsegmentation with the AP7 here.
Comments
Is there a way to prevent network scan discovery?
I followed this article and did successfully prevent devices on the same LAN from accessing each other, but I was still able to perform a network scan from my phone.
Is there a way to prevent that as well within a rule?