This is so cool, but I am not comprehending something about LAN configuration on the FW Gold

Follow

Scott

• September 10, 2021 18:08

So far, love this gold. It has already combined multiple apps and devices and helped me really understand some aspects of networks I was struggling with. I had looked at the Ubiquity DRM and a few other competitors and the gold was just the right choice to make. 

I am stuck on understanding some of the LAN configuration matters on the gold. I have my cable modem connected to the WAN port and all is well with that. I have two separate LANs, one of trivial stuff like webcams, printer, smart TVs, and a few laptops (LAN-JUNK) and one with my PCs, NAS units, and things I care about (LAN-PRIMARY). LAN-JUNK is separate hardware until the FW Gold and is on port 3. LAN-PRIMARY is on ports 1 and 2 and has its own hardware as well. There are two things I want to do but I don't understand the configuration I need to do in the FW Gold and if I missed it in the manual my bad.

1. I want to ensure isolation between the LANs, I don't want a guest laptop or Smart TV on LAN-JUNK even seeing my devices on LAN-PRIMARY.

2. I have two exceptions to #1. I have a printer on LAN-JUNK I want to print to from LAN-PRIMARY and a NAS on LAN-JUNK that I want external access to (its serving to PLEX on my mobile devices) and I want to be able to drop files on that NAS and do backups from LAN-PRIMARY.

I don't see any config options in FW that really let me do these things. Is there documentation on getting this done, I am not too lazy to read but I haven't found it.

0

• 

  Chris Thomas

  • September 23, 2021 17:11
  • Edited

  With the Firewalla platform, it helps to remember that by default, all outbound traffic from a network is permitted (default allow).  And stateful firewalls track sessions, so it's all about who 'initiates' the connection.

  Therefore, you would create a firewall rule to block 'Traffic to All Local Networks' from 'LAN-JUNK'.  This would allow devices in LAN-PRIMARY to initiate connections to devices in LAN-JUNK, but would not allow devices in LAN-JUNK to initiate connections to devices in LAN-PRIMARY.

   

  Rules > Add Rule

  Action = Block
  Matching = Traffic to All Local Networks
  On = LAN-JUNK
  Schedule = Always

   

  0

  Comment actions Permalink
• 

  Scott

  • September 22, 2021 04:25

  That helped me sort it all out, I had made a set of rules that actually did all that but as it turns out your suggestion was a much simpler way. Its a learning curve but going well.

  0

  Comment actions Permalink
• 

  Chris Thomas

  • September 22, 2021 13:08

  Scott,

    Excellent, happy to help.

   

  ..ct

  0

  Comment actions Permalink

Please sign in to leave a comment.