0

I have the following network setup (of course, a bit modified from the real situation):

Network

I would like to set up a LAN to LAN rule on the ZyWALL firewall so that only certain ports/IP addresses are allowed - I want to limit internet access from the LAN network to ADSL Modem - Internet.

ZyWALL

It will probably filter the communication between Device A & B and Device C. But will it have any impact on communication between Device A and Device B? Can I safely presume that any communication between A and B will remain untouched by the newly set up rule?


Found this in documentation:

From LAN To LAN means packets traveling from a computer on one LAN subnet to a computer on another LAN subnet on the LAN interface of the ZyWALL or the ZyWALL itself. The ZyWALL does not apply the firewall to packets traveling from a LAN computer to another LAN computer on the same subnet.

So LAN-LAN applies only to different subnets, so it will probably not affect traffic between 192.168.1.x and 192.168.1.1 at all.

But if I add another IP address from another subnet, e.g. 192.168.10.2/255.255.255.0, to the ZyWALL's LAN interface as an IP alias, and I reconfigure the IP address of the ADSL Modem to be 192.168.10.1, and configure the default GW on all devices to 192.168.1.2, and define a static route on the ZyWALL to route outgoing traffic to 192.168.10.1, then it should possibly work?

Vojtěch Dohnal

1 Answer

1

Connect your modem to the WAN port of your firewall. This will allow you to set LAN-WAN rules (for example, drop all traffic where source != 192.168.1.z). BTW, if you have connected all devices to LAN ports on your ZyWALL and it's working as a switch on those ports, then they will be able to connect regardless of your LAN-to-LAN rules.

To allow filtering with LAN-to-LAN rules: click SECURITY, FIREWALL and open the Default Rule. Un-check the Allow asymmetrical...

kwachu
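The host-side forwarding decision that the question and the answer above both turn on, as an added example that is not part of the original posts: a sender delivers directly to any destination inside its own subnet and hands everything else to its default gateway, so only the second kind of packet ever reaches the ZyWALL's rules. The device addresses, the stray host and the function names are constructed for illustration; the gateway and modem addresses are the ones given in the question.

```python
import ipaddress

# Addresses taken from the question.
GATEWAY = ipaddress.ip_address("192.168.1.2")      # ZyWALL LAN address, default GW
MODEM_OLD = ipaddress.ip_address("192.168.1.1")    # modem inside the LAN subnet
MODEM_NEW = ipaddress.ip_address("192.168.10.1")   # modem moved to the alias subnet

# Constructed sample hosts (assumptions, not from the page).
DEVICE_A = ipaddress.ip_interface("192.168.1.10/24")
DEVICE_B = ipaddress.ip_interface("192.168.1.11/24")
STRAY = ipaddress.ip_interface("192.168.10.50/24")  # host given an alias-subnet address


def delivery(src_if, dst):
    """Return (kind, next_hop) for a packet from src_if to dst.

    'direct'      : dst is on-link, the frame goes straight to dst at layer 2
                    and the firewall is not in the path.
    'via-gateway' : dst is off-link, the frame goes to the default gateway,
                    which is the only place a rule can be evaluated.
    """
    dst = ipaddress.ip_address(dst)
    if dst in src_if.network:
        return ("direct", dst)
    return ("via-gateway", GATEWAY)


def report(flows):
    """Format one line per (label, source interface, destination) flow."""
    lines = []
    for label, src_if, dst in flows:
        kind, hop = delivery(src_if, dst)
        lines.append(f"{label}: {src_if.ip} -> {dst}  {kind} (next hop {hop})")
    return lines


FLOWS = [
    ("A to B", DEVICE_A, DEVICE_B.ip),
    ("A to modem, original plan", DEVICE_A, MODEM_OLD),
    ("A to modem, alias plan", DEVICE_A, MODEM_NEW),
    ("alias-subnet host to modem", STRAY, MODEM_NEW),
]

if __name__ == "__main__":
    print("\n".join(report(FLOWS)))
```

The last flow shows the limit of the alias approach: both subnets share one layer-2 segment, so a host holding an address in 192.168.10.0/24 is on-link to the modem and its traffic is never routed through the ZyWALL.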