This walkthrough covers how to isolate/segregate/separate internal LAN traffic so that it does not spill into other internal networks (LAN1, LAN2, DMZ, etc.).
Supported Devices
ZyWALL 110
ZyWALL 310
ZyWALL 1100
USG40
USG40W
USG60
USG60W
USG110
USG210
USG310
USG1100
USG1900
USG20-VPN
USG20W-VPN
USG2200-VPN
Isolating Interfaces
Open a command line interface using SSH/Telnet/Console and type the following commands to change a policy control rule. For this example, we will use rule #1, which on our device is the "LAN1_Outgoing" rule.
For a list of all the policy control (firewall) rules, use the command 'show secure-policy' in the terminal client.
Enter the following commands to make changes:
- Log in to the device.
- Type 'configure terminal' to access the configuration mode.
- From the config prompt type 'secure-policy 1' to enter the rule #1 editor.
- Type 'to WAN' to change the "To" option from ANY to WAN (this allows LAN1 to communicate only with the WAN interface, for internet access).
- Type 'exit' to close the editor and save the setting.
- Type 'exit' to close the configuration mode.
- Type 'write' to force all settings to be written to the startup-config.conf file.
- Type 'exit' to close the SSH/Telnet/Console session.
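To confirm after the change that no other rule still allows traffic to ANY, a saved copy of the configuration can be checked offline. The script below is an added example, not Zyxel code. It assumes each rule appears in the config text as a 'secure-policy <n>' stanza holding the sub-commands typed in the rule editor, closed by '!' or 'exit', and that a rule with no 'to' line still has the default ANY destination; the 'name', 'from' and 'action' lines and the sample text are constructed.

```python
import re

# Constructed sample, not taken from a real device. The stanza layout and the
# "name", "from" and "action" lines are assumptions; only "secure-policy <n>"
# and "to WAN" come from the walkthrough.
SAMPLE_CONFIG = """\
secure-policy 1
 name LAN1_Outgoing
 from LAN1
 to WAN
 action allow
!
secure-policy 2
 name LAN2_Outgoing
 from LAN2
 action allow
!
"""

RULE_START = re.compile(r"^secure-policy\s+(\d+)\s*$")


def parse_rules(config_text):
    """Return {rule_number: {keyword: value}} for every secure-policy stanza."""
    rules, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        start = RULE_START.match(line)
        if start:
            current = rules.setdefault(int(start.group(1)), {})
        elif line in ("!", "exit", ""):
            current = None  # end of stanza (assumed terminators)
        elif current is not None:
            keyword, _, value = line.partition(" ")
            current[keyword.lower()] = value.strip()
    return rules


def unisolated_rules(config_text):
    """List allow rules whose destination is ANY (no "to" line, or "to any")."""
    findings = []
    for number, rule in sorted(parse_rules(config_text).items()):
        allows = rule.get("action", "allow").lower() == "allow"
        if allows and rule.get("to", "any").lower() == "any":
            findings.append((number, rule.get("name", ""), rule.get("from", "any")))
    return findings


if __name__ == "__main__":
    for number, name, source in unisolated_rules(SAMPLE_CONFIG):
        print(f"rule {number} ({name}): from {source} to ANY, not isolated")
```

Each rule it reports is a candidate for the same 'to WAN' change shown above.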