Block all service port exclude some service port
Fansa
Hi All,
I have 2 internal servers connected to a SonicWall TZ400 using VLANs. My goal is to block all service ports except some, such as 8080, 80 and 443, and for the excluded service ports I have already created a service group.
FYI, I have created the configuration in the access rules as in the screenshot; I already created 2 rules each and set the priority too. But it still doesn't work well.
Need your help guys for this case.
Many Thanks,
Fansa
Category: Mid Range Firewalls
Answers
Hi @Fansa, if DC and DRC are in the same subnet, the packets between these two hosts will never touch the firewall because of subnet routing.
--Michael@BWC
Hi @BWC
The topology is SonicWall - unmanaged switch - 2 servers. DRC is using VLAN 11 & DC is using VLAN 12 (trunk). Both VLANs are from the SonicWall.
If this scenario doesn't work, do you have any suggestion?
Thanks,
Fansa
Hi @Fansa, ok then, I guess you have Interface Trust enabled and have X0:V11 and X0:V12 (or any other interface) put into the LAN zone? If Interface Trust is enabled, all traffic between these interfaces is allowed and your block rule does not catch it.
Can you try disabling Interface Trust in the zone settings for the LAN zone?
--Michael@BWC
Hi @BWC
Here's what I configured on our interfaces.
For disabling "interface trust zone", do you mean I have to create a new custom zone?
Or just uncheck "allow interface trust"?
Because we can't change the "security type" on the LAN zone...
Thanks,
Fansa
Hi @Fansa, you can disable Interface Trust for the LAN zone if you want to control traffic between these interfaces. Without disabling this option the firewall does not check the traffic between them. IMHO there is no need for a new custom zone, unless you have other interfaces bound to this zone as well and need Interface Trust for them. Then you have to create a new one.
--Michael@BWC
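The following is an added example, not code from the thread or from SonicWall: a minimal first-match model of the two things discussed above, the zone-level Interface Trust check that runs before the access rules, and the priority order of the rules themselves. It also goes one step beyond the thread by showing rule shadowing, where a blanket deny placed above the allow-group rule blocks the very ports that were meant to stay open. The interface names X0:V11 and X0:V12, the port group {80, 443, 8080} and the "deny when nothing matches" default are assumptions of this model, not a description of the TZ400's actual policy engine.

```python
"""Added example: first-match model of Interface Trust plus access-rule
priority. Illustrative only; not SonicWall's implementation. Interface
names, the port group and the default-deny fallback are assumptions."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_iface: str   # ingress sub-interface, e.g. "X0:V11" (assumed name)
    dst_iface: str   # egress sub-interface, e.g. "X0:V12" (assumed name)
    dst_port: int


@dataclass(frozen=True)
class Rule:
    priority: int                        # lower number = evaluated first
    action: str                          # "allow" or "deny"
    dst_ports: Optional[FrozenSet[int]]  # None = any destination port


@dataclass(frozen=True)
class Zone:
    name: str
    interfaces: FrozenSet[str]
    interface_trust: bool


def evaluate(pkt: Packet, zone: Zone, rules: List[Rule]) -> Tuple[str, str]:
    """Return (action, reason) for one packet.

    1. Interface Trust: traffic between two interfaces bound to the same zone
       is allowed before the rule table is consulted at all.
    2. Otherwise walk the rules in priority order; first match wins.
    3. If nothing matches, fall back to deny (an assumption of this model).
    """
    same_zone = pkt.src_iface in zone.interfaces and pkt.dst_iface in zone.interfaces
    if same_zone and zone.interface_trust:
        return "allow", "interface trust (rule table not consulted)"
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.dst_ports is None or pkt.dst_port in rule.dst_ports:
            return rule.action, f"matched rule priority {rule.priority} ({rule.action})"
    return "deny", "no rule matched (model default)"


# Constructed sample data for the scenario in the thread.
WEB_PORTS = frozenset({80, 443, 8080})   # the "exclude" service group
LAN = frozenset({"X0:V11", "X0:V12"})    # DRC on VLAN 11, DC on VLAN 12

# Intended order: allow the service group first, then block everything else.
RULES_OK = [Rule(1, "allow", WEB_PORTS), Rule(2, "deny", None)]
# Mistaken order: the blanket deny sits first and shadows the allow rule.
RULES_SHADOWED = [Rule(1, "deny", None), Rule(2, "allow", WEB_PORTS)]


def decide(port: int, trust: bool, rules: List[Rule] = RULES_OK) -> str:
    """Action for DRC (X0:V11) -> DC (X0:V12) traffic to one destination port."""
    zone = Zone("LAN", LAN, interface_trust=trust)
    return evaluate(Packet("X0:V11", "X0:V12", port), zone, rules)[0]


if __name__ == "__main__":
    for trust in (True, False):
        for port in (443, 22):
            action, why = evaluate(Packet("X0:V11", "X0:V12", port),
                                   Zone("LAN", LAN, trust), RULES_OK)
            print(f"trust={str(trust):5} port={port:<4} -> {action:5} [{why}]")
    print("shadowed order, port 443 ->", decide(443, False, RULES_SHADOWED))
```

Running the block prints the four combinations: with Interface Trust on, both port 443 and port 22 are allowed and the reason never mentions a rule, which is the symptom described in the thread; with it off, 443 matches the allow rule and 22 falls through to the deny. The last line shows that simply disabling Interface Trust is not enough if the deny rule has the higher priority: it then shadows the allow group and 443 is blocked as well, so both the zone setting and the rule order have to be checked.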