08-30-2017 11:22 AM
I'm looking to configure VLAN isolation using my USG, but I'm not having any luck.
My configuration is quite simple and it's as follows:
IoT Network (corporate) - VLAN 22 (172.17.0.1/24)
Lab Network (corporate) - VLAN 10 (10.0.0.1/24)
I want to drop connections from my IoT Network to my Lab Network. After reading various posts on this site, I've come up with the following Firewall configuration:
All in "LAN_IN"
The rule also shows up within the CLI when I list the FW rules for "LAN_IN"
I'm attempting all of this via the Cloud Key controller's GUI interface. The versions for the controller and USG are as follows:
Even with the rules above, when I'm on the IoT network, I'm still able to ping devices on the Lab network. Looking in the live firewall logs, there are NO 'drop' hits at all. I should add that my Guest networks are isolated from the networks mentioned above, and this works just fine. Seems that corporate to corporate network configurations are a bit trickier.
I've read just about all of the posts on this topic, and most of the folks who were able to get this working configured the rules above. Also, from my understanding, later versions of the controller state that I should be able to use the GUI to configure these rules instead of using the CLI. Being that I can see the rule after running the 'show firewall' command, I would think that configuration via the GUI is working.
Is there a step that I'm missing here? Should I do this using the CLI instead?
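For reference, this is what the drop rule the original poster describes looks like in the USG's own (EdgeOS/Vyatta-style) CLI, written as an added example rather than anything taken from the thread or from Ubiquiti's documentation. It uses the two subnets given above; the rule number 2000, the interface `eth1` and the VLAN sub-interface are assumptions, since the post does not state which physical port carries VLAN 22.

```edgeos
configure

# LAN_IN is evaluated for packets entering the USG from a LAN/VLAN interface,
# so the source here is the IoT subnet and the destination is the Lab subnet.
set firewall name LAN_IN rule 2000 description "Drop IoT (VLAN 22) -> Lab (VLAN 10)"
set firewall name LAN_IN rule 2000 action drop
set firewall name LAN_IN rule 2000 protocol all
set firewall name LAN_IN rule 2000 source address 172.17.0.0/24
set firewall name LAN_IN rule 2000 destination address 10.0.0.0/24
# Log matches so the drop shows up in the firewall log when testing with ping.
set firewall name LAN_IN rule 2000 log enable

# The ruleset only takes effect on traffic from VLAN 22 if it is bound to that
# sub-interface in the "in" direction (eth1 vif 22 is an assumed interface).
set interfaces ethernet eth1 vif 22 firewall in name LAN_IN

commit
save
exit

# Verify the rule exists and that its packet counter increments while pinging
# a Lab host from an IoT device; a counter stuck at zero means the traffic is
# not reaching this ruleset (wrong interface, wrong direction, or an earlier
# accept rule matching first).
show firewall name LAN_IN
show firewall name LAN_IN statistics
```

Two things to check when the counter does not move: rules in LAN_IN are matched first-hit, so a rule placed after a broader accept never fires, and anything set by hand through `configure` on a USG is overwritten the next time the controller provisions the device, so a CLI change is only a diagnostic step unless it is carried in the controller's config.gateway.json.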
08-30-2017 06:55 PM - edited 08-30-2017 07:03 PM
Why not just set the IoT Network as a Guest network?
Then members of that VLAN can't access other VLANs.
And firewall rules are set automatically.
09-14-2017 08:41 AM
I am just starting my first network config using UniFi. I did not imagine I would be so unimpressed.
What kind of "Secure Gateway" will not allow a "default deny and allow explicitly" scenario for inter VLAN traffic?
The inter VLAN traffic policy must be GUI-configurable. All other "solutions" are ugly hacks at best.