This configuration prevents connections from 192.168.50.0/24 (guest subnet) to the 192.168.30.0/24 and
192.168.35.0/24 networks (the .35 configuration is similar to .30, so no screenshots of it are needed).
Any other connection is allowed (like the internet). Note that the direction must be 'in' in the interfaces tab; this means ingress connections from the .50 network to the EdgeRouter.
First create and configure the ruleset (in this case the name is GUEST_IN).
Select Drop
Select the guest VLAN interface and 'in' ('in' means data coming into the EdgeRouter from the selected interface)
Save the ruleset.
Create a DROP rule.
DROP new connections.
From every address in the .50 network (leave blank).
To every address in .30 network.
The config for 192.168.35.0/24 is similar, so it is not shown here.
Create the allow rule. This allows all connections to everywhere and receiving data from everywhere. The rules higher in the priority override this and block new connections to .30 and .35.
This is what it looks like when all the rules are made (the DEFAULT ACTION is generated by the system).
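To check the rule order before relying on it, here is a small first-match model of the GUEST_IN ruleset. This is an added example, not taken from the router or from the original post; the rule numbers 1 to 3 and the sample destination addresses are assumptions, and the source address is ignored because the ruleset only sees traffic entering from the guest interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    number: int                          # lower number = higher priority
    action: str                          # "drop" or "accept"
    dst: Optional[str] = None            # destination CIDR, None = any
    states: Optional[frozenset] = None   # connection states, None = any

# Constructed model of the ruleset described above (rule numbers assumed).
GUEST_IN = [
    Rule(1, "drop", "192.168.30.0/24", frozenset({"new"})),
    Rule(2, "drop", "192.168.35.0/24", frozenset({"new"})),
    Rule(3, "accept"),                   # allow everything else
]
DEFAULT_ACTION = "drop"                  # only used if no rule matches

def evaluate(dst_ip, state, rules=GUEST_IN):
    """Return (action, rule_number) of the first matching rule.
    rule_number is None when the default action was used."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.dst and addr not in ipaddress.ip_network(rule.dst):
            continue
        if rule.states and state not in rule.states:
            continue
        return rule.action, rule.number
    return DEFAULT_ACTION, None

if __name__ == "__main__":
    # Constructed sample traffic arriving from the guest VLAN.
    samples = [
        ("192.168.30.10", "new"),          # guest opens a connection to .30
        ("192.168.35.7", "new"),           # guest opens a connection to .35
        ("8.8.8.8", "new"),                # guest goes to the internet
        ("192.168.30.10", "established"),  # guest answers a host in .30
    ]
    for dst, state in samples:
        action, number = evaluate(dst, state)
        print(f"{dst:15} {state:12} -> {action} (rule {number})")
```

The last sample shows that the drop rules only stop new connections: traffic belonging to a connection that a .30 host opened towards the guest network still matches the allow rule. Swapping the order so the allow rule has the lowest number makes every packet match it first, and the drop rules never fire.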