VLAN - Group - Device and Internet access management issue

Comments

  • Firewalla

    You should not need to explicitly add "allow to the internet" from VLAN or groups. Any reason you are doing this? Allow rules give exceptions, and not sure if that's your issue. Try to remove it.

  • Deepblue01

    Actually, the VLAN has an explicit block to/from the internet.
    Yes, I am trying to track and explicitly give permission to certain devices to reach the internet.

  • Firewalla

    If you have a block to the internet, then it is likely the "allow" to internet overrides that control. Try to allow just a special destination, not all internet.

    Since the internet is so connected, unless you are running deterministic applications, which you know where the app is going for sure, you should not block and then allow. 

  • Deepblue01

    Thank you for your help. 

    I realized that you have "New device quarantine" and it can be applied to a specific VLAN. This actually addressed my need to block new devices as they show up on the network.

    So I have removed the VLAN-based to/from internet block. Now I am able to apply rules at the group level and am getting results as expected.

    Thanks again for your help and quick response.
