Best option to route a remote VPN user, via Firewalla WG/AmneziaWG, so they only have network access to a specific network group/target
Having a complete 'moment' where, without managed switches, it would be handy to have any thoughts on approach on routing options.
Scenario:
- Remote user (VPN client - WG) to the FW-Gold Pro
- FW-GP | 10gig port to unmanaged switch (10gig also) | <--> NAS via 10gig link
- Is there a 'clean' way to point that VPN user connection to either the port being used by the NAS on the unmanaged switch to segment their access when accessing remotely, or would this need a swap out for managed switches to handle the last hop?
- Alternatively to scrap the idea, and just deploy a VPN server on the NAS and route from there.
Any thoughts on this type of scenario appreciated - I can think of "ways" to go about it, but trying to avoid overthinking it.
-
Hi there,
If you're looking to restrict access, you could create a rule on the VPN device to block traffic to all Local Networks and selectively allow traffic to the specific Network or device IP. Would this work for your use case?
Here's a very specific example similar to your scenario: https://help.firewalla.com/hc/en-us/articles/360008521833-Manage-Rules#h_01GSFMQ5BKWJKJWRHBKKEJG2V0