Guest user can access the internal network although the ACL should prevent this.

  • Updated 2 years ago
Hello,

I have a ZD 1100 (FW 9.4) installed in a flat 172.30.1.0/16 network (no VLAN, no Layer 3 device). The default gateway for this network is a firewall (one internal interface in the 172.30.1.0 network, one external interface to the Internet).

The ZD has two wireless networks configured, one for internal users, one for guest users. Guest users can log in and access the Internet without a problem.

The problem is that users who are connected to the guest network can also access resources on the internal 172.30.1.0 network although the ACL should prevent this.

I have read the user manual and it states that there are 3 ACL rules for the private networks which will always be active and which will be enforced on the ZD and on the AP. I can see these ACLs in the configuration and they are set to deny.

My question is: Why can a guest user access a server in the 172.30.1.0 network and how do I prevent this from happening? Will I need to create a separate VLAN for the guests or can there be a misconfiguration?

Thanks a lot and many greetings from Germany.

Thomas Henneberger

Posted 3 years ago

Gustav Karavas

push

Michael Brado, Official Rep

We have implemented greater client isolation, into Layer 3, in ZD version 9.8 firmware over the behavior from v9.4 code. Can you upgrade and re-evaluate the guest WLAN access to the trusted network again?