Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

nmap scan across networks isn't blocked by rules

Follow
Avatar
robcork

I have an IOT vlan that i've created a rule that blocks all traffic to all local networks. I've confirmed that i can't access local devices on LAN from IOT but when i run a host discovery using nmap (nmap -sn 192.168.x.x/24), it discovers every device on my LAN network. Why is nmap able to bypass the firewall rules?

0

Comments

3 comments

Sort by Date Votes
  • Avatar
    Firewalla

    What rules did you configure between the segments? 

    Try settings->advanced->configurations->block ICMP and see if it works

    0
    Comment actions Permalink
  • Avatar
    robcork

    I have a Block rule matching "Traffic to All Local Networks" on network "IOT" and schedule is "Always".

    I had already enabled "Block ICMP (Ping)" on both the IOT and LAN networks but nmap still finds all the devices on LAN. 

     

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Are you running them all on the same LAN or a different LAN? are your segments VLAN or port-based?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post