Limit SSL to clients inside the LAN

Follow

J Smith

• January 11, 2022 06:45

TL;DR: The firewalla thinks the source IP is my Xfinity router, preventing me from limiting inbound traffic to a specific source IP range.

I have a firewalla gold in router mode, between my Xfinity WAN and an access point for my LAN.  One of the devices on my LAN is operating as a web service with SSL.  Because SSL certs require a DNS name, I have the DNS set to point to my Xfinity router, with port forwarding to the device on the LAN.  Because of this, any time I connect to (e.g.) "https://www.mydomain.com", the firewalla thinks that the source IP is the public-facing IP address of my WAN router.  I want to be able to set a rule that limits connections to my web service to originate only from the LAN, and perhaps one port of the web service to allow clients originating from only the United States.

Is there any way to make this work?

0

• 

  Aaron R

  • February 19, 2022 17:08

  Yes. Search for DMZ on firewalla support

  0

  Comment actions Permalink

Please sign in to leave a comment.