If you only have one LAN network created on Firewalla Gold and you want to isolate one device from talking with other local devices in the network, Rules will not work by themselves.
However, Gold lets you create a separate network on each of its three physical ports (or on Virtual LANs, VLANs), and once devices sit on different networks you can use Rules to control which of them may talk to each other.
Option 1: Create a dedicated separate network on Gold.
- Create a dedicated separate network on Gold.
- Connect the device(s) you'd like to isolate to it.
- On that network, BLOCK traffic From and To Local Networks.
See this guide for more details.
For example:
- Port 1 could be a network with devices on 192.168.0.1/24
- Port 2 could be a network with devices on 192.168.2.1/24
- Port 3 could be a network with devices on 192.168.3.1/24
Then you could make a rule that allows an iPad at 192.168.0.14 to reach an Apple TV at 192.168.2.22, while no other device would be allowed to do so.
You can also build rules that allow all devices on Port 3 to talk to any device on Port 1, as if they were on the same network.
Option 2: Physically connect the device directly to a LAN port of Gold. This forces all of its traffic to route through Gold, even when the other devices are on the same network. Then block traffic From and To Local Networks on that device.
Option 3: Create VLANs
You can also create VLANs, which give you more than the three networks Gold offers on its physical ports, but this is more complex and requires a managed switch. See also Working from Home, Better, Smarter & Secure.
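The following Python model is an added illustration, not Firewalla's code or its rule engine. It uses the three port networks from the example above and shows why a rule can only take effect when traffic actually passes through Gold: two devices on the same port network behind a switch never reach the router (Option 1), while a device wired straight into a Gold port does (Option 2). The host 192.168.0.50, the first-match rule order and the default of allowing traffic between Gold networks are assumptions made for the model.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the three Gold port networks from the article.
NETWORKS = {
    "port1": ip_network("192.168.0.0/24"),
    "port2": ip_network("192.168.2.0/24"),
    "port3": ip_network("192.168.3.0/24"),
}

# Assumed device wired straight into a Gold LAN port (Option 2): its frames
# always pass through Gold, even when the peer is on the same subnet.
DIRECT_ON_GOLD = {"192.168.0.50"}

# Assumed rule set, evaluated top to bottom, first match wins.
RULES = [
    ("allow", "192.168.0.14", "192.168.2.22"),  # iPad -> Apple TV
    ("allow", "port3", "port1"),                # Port 3 may reach all of Port 1
    ("block", "port2", "local"),                # isolated network: block To local
    ("block", "local", "port2"),                # isolated network: block From local
    ("block", "192.168.0.50", "local"),         # Option 2 device: block To local
    ("block", "local", "192.168.0.50"),         # Option 2 device: block From local
]

def port_of(ip):
    """Name of the Gold network containing ip, or None if it is not local."""
    addr = ip_address(ip)
    for name, net in NETWORKS.items():
        if addr in net:
            return name
    return None

def matches(selector, ip):
    """A selector is a host IP, a port name, or 'local' (any Gold network)."""
    if selector == "local":
        return port_of(ip) is not None
    if selector in NETWORKS:
        return port_of(ip) == selector
    return ip_address(selector) == ip_address(ip)

def decide(src, dst):
    """What Gold does with a src->dst flow: allow, block, not-routed, not-local."""
    if port_of(src) is None or port_of(dst) is None:
        return "not-local"
    # Same subnet and neither end wired directly into Gold: the switch forwards
    # the frame itself, Gold never sees it, and no rule can apply.
    if port_of(src) == port_of(dst) and not ({src, dst} & DIRECT_ON_GOLD):
        return "not-routed"
    for action, s_sel, d_sel in RULES:
        if matches(s_sel, src) and matches(d_sel, dst):
            return action
    return "allow"  # assumed default between different Gold networks
```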
Comments
Is there a way to prevent network scan discovery?
I followed this article and did successfully prevent devices on the same LAN from accessing each other, but I was still able to perform a network scan from my phone.
Is there a way to prevent that as well with a rule?