NSG local access blocked for guest interfaces

Bram_Lortye
Bram_Lortye Posts: 4
Friend Collector First Comment
edited April 2021 in Nebula
Hi there,

I use a NSG50, a GS1920-8HP and 2 NAP102.

In the NSG50 i created serveral VLAN's and a VLAN10 for guests (10.10.10.1 with DHCP server from 10.10.10.33-232), i enabled the 'guest'-slide-button in the interface section.
In the AP settings i made a 'guest' SSID with VLAN-ID10 and (did i need to?) enabled the 'guest'-slide-button, so the 'layer-2-isolation' is enabled, and i did enter the MACadress of the NSG50.
So far so good, when i connect to the guest SSID, i can connect to the internet but also can i connect to the nsg's local GUI at 10.10.10.1.
I don't want guest to be able to do this, can i manage to block this IP?
I tried to make an outboud-firewall-rule with source: 10.10.10.0/24 destination: 10.10.10.1 but then i get the error message: 
INVALID_DST_IP_AND_SRC_IP_DUPLICATE 

Perhaps i am doing it all wrong, what i would like to make is a network with 4 VLAN's, all separated from each other with one guest lan that can only access the internet.
If someone could help me in the right direction, thank you very much.

gr. Bram


 

Accepted Solution

All Replies

  • Hi Chris,

    Thanks for your reaction, i already was afraid it wasn't doable  :)
    Then it also isn't possible to use 2FA for the local login, or disable the local login complete?
    If possible i want guests not to be able to crack the local password in any way.
    grts. Bram!
  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Hi Bram,
    We'll have the enhancement of this part and the 2FA will be launched on L2TP, I'll private message you about the guest zone case.

    /Chris

    Chris
  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment

    HI @Nebula_Chris


    When 2FA will be launched on L2TP? It will be launched on IPSEC/L2TP?


    Thanks in advance

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Alfonso

    It's L2TP over IPSec VPN support 2FA feature and it will be launched at this year of December.😄


    Cheers~

    Chris
  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment

    Thanks @Nebula_Chris

    It sounds great.

Nebula Tips & Tricks