This walkthrough covers how to isolate (segregate) internal LAN traffic so that it does not spill into other internal networks (LAN1, LAN2, DMZ, etc.).
Open a command line interface using SSH/Telnet/Console and type the following commands to change a policy control rule. For this example, we will use rule #1, which on our device is the "LAN1_Outgoing" rule.
For a list of all the policy control (firewall) rules, use the command 'show secure-policy' in the terminal client.
Enter the following commands to make changes:
- Log in to the device.
- Type 'configure terminal' to access the configuration mode.
- From the config prompt type 'secure-policy 1' to enter the rule #1 editor.
- Type 'to WAN' to change the "To" option from ANY to WAN (this allows LAN1 to communicate only with the WAN interface, for internet access).
- Type 'exit' to close the editor and save the setting.
- Type 'exit' to close the configurator mode.
- Type 'write' to force all settings to be written to the startup-config.conf file.
- Type 'exit' to close the SSH/Telnet/Console session.
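To confirm the change across every rule rather than just rule #1, the following added example (not part of the original walkthrough or the vendor's tooling) scans a saved copy of startup-config.conf and lists allow rules whose "To" zone is still ANY. It assumes the file stores each rule as a 'secure-policy N' block of sub-commands; the 'name', 'from' and 'action' lines, the '!' separator and the sample rules are assumptions constructed for illustration.

```python
import re

# Constructed sample in the style of a saved startup-config.conf; the
# 'name', 'from' and 'action' sub-commands are assumed, not from the page.
SAMPLE_CONFIG = """\
secure-policy 1
 name LAN1_Outgoing
 from LAN1
 to WAN
 action allow
!
secure-policy 2
 name LAN2_Outgoing
 from LAN2
 action allow
!
secure-policy 3
 name DMZ_to_WAN
 from DMZ
 to any
 action allow
!
"""

def parse_rules(config_text):
    """Return {rule_number: {sub-command: value}} for each secure-policy block."""
    rules, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"secure-policy (\d+)", line)
        if m:
            current = rules.setdefault(int(m.group(1)), {})
        elif line in ("!", "exit", ""):
            current = None  # end of the rule block
        elif current is not None:
            key, _, value = line.partition(" ")
            current[key] = value.strip()
    return rules

def unrestricted_rules(config_text):
    """List (number, name) of allow rules whose 'to' zone is missing or 'any'."""
    flagged = []
    for number, rule in sorted(parse_rules(config_text).items()):
        # Assumption: a rule with no 'to' line means ANY; no 'action' is treated as allow.
        to_zone = rule.get("to", "any").lower()
        if rule.get("action", "allow").lower() == "allow" and to_zone == "any":
            flagged.append((number, rule.get("name", "")))
    return flagged

if __name__ == "__main__":
    for number, name in unrestricted_rules(SAMPLE_CONFIG):
        print(f"rule {number} ({name}): 'to' is any, traffic can reach other internal zones")
```

Any rule it reports is a candidate for the same 'to WAN' edit shown in the steps above.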