TL;DR: The Firewalla thinks the source IP is my Xfinity router, preventing me from limiting inbound traffic to a specific source IP range.
I have a Firewalla Gold in router mode, between my Xfinity WAN and an access point for my LAN. One of the devices on my LAN is operating as a web service with SSL. Because SSL certs require a DNS name, I have the DNS set to point to my Xfinity router, with port forwarding to the device on the LAN. Because of this, any time I connect to (e.g.) "https://www.mydomain.com", the Firewalla thinks that the source IP is the public-facing IP address of my WAN router. I want to be able to set a rule that limits connections to my web service to originate only from the LAN, and perhaps one port of the web service to allow clients originating from only the United States.
Is there any way to make this work?