Confusion about blocking rules
Hi,
I am trying to understand the block rule "Traffic from & to All Local Networks". The way I read that is if I assign the rule to a device, it will essentially only allow internet access. What I'm seeing in reality though is it doesn't appear to do anything. I assign the rule to a device (a Windows 10 laptop) and I'm still able to access resources on the local network, such as an Apache webserver, a printer, etc.
Am I just fundamentally misunderstanding this rule?
What I'm trying to accomplish here is allow a device to access the internet, but nothing else. I realize a VLAN is probably the "right" way to do this, but I was hoping for a simpler solution.
-
The blocking Local Network only works if you are using segmentation (either via physical ports on the Gold, or VLAN interfaces).
So, if your devices to be blocked are all on the same segment, Firewalla, because it is a router, will not be able to see or filter traffic from the same network. This traffic flows inside the layer 2 LAN network, and never touches Firewalla (layer 3).
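The behaviour described in the reply above, as an added example that is not part of the original thread: a small model of which flows a router-enforced "block local networks" rule can act on. The segment names, subnets and addresses are constructed assumptions, not values from the poster's network.

```python
import ipaddress

# Constructed sample layout (assumption): two segments behind one router,
# a main LAN and a separate VLAN for devices that should be isolated.
SEGMENTS = {
    "lan": ipaddress.ip_network("192.168.1.0/24"),
    "isolated_vlan": ipaddress.ip_network("192.168.20.0/24"),
}


def segment_of(ip):
    """Return the name of the local segment containing ip, or None if not local."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def local_block_verdict(src, dst):
    """Outcome of a 'block all local networks' rule applied to src, for traffic to dst.

    The router can only enforce the rule on packets it forwards (layer 3).
    Same-segment traffic is delivered directly at layer 2 and bypasses it.
    """
    src_seg, dst_seg = segment_of(src), segment_of(dst)
    if src_seg is None:
        raise ValueError(f"{src} is not on a known local segment")
    if dst_seg is None:
        return "allowed: internet destination, not covered by the local rule"
    if dst_seg == src_seg:
        return "not enforced: same segment, traffic never reaches the router"
    return "blocked: crosses segments, so the router sees and drops it"


if __name__ == "__main__":
    webserver = "192.168.1.10"       # constructed addresses
    internet_host = "93.184.216.34"
    # Same laptop, first on the shared LAN, then moved to its own VLAN.
    for laptop in ("192.168.1.50", "192.168.20.50"):
        for dst in (webserver, internet_host):
            print(f"{laptop} -> {dst}: {local_block_verdict(laptop, dst)}")
```

With the laptop on the same /24 as the webserver the rule has nothing to act on; once the laptop sits on its own segment, the same rule blocks the webserver while internet access is unaffected.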