OPNsense Forum

English Forums => Virtual private networks => Topic started by: aulin on October 12, 2020, 11:46:24 AM

Title: Isolate Guest-Network Hosts
Post by: aulin on October 12, 2020, 11:46:24 AM
Hello,

I set up the guest network according to the instructions:
https://docs.opnsense.org/manual/how-tos/guestnet.html

But now I have a question about the firewall rule:
Block -> Interface Guestnet -> Source Guestnet net -> Destination Guestnet address

The access to the firewall GUI is blocked, but the clients in the Guestnet can talk to each other. How can I isolate them completely?

Thanks
aulin

Title: Re: Isolate Guest-Network Hosts
Post by: Gauss23 on October 12, 2020, 06:28:42 PM
That is nothing the OPNsense can do. The switch or access point needs a port/client isolation function (only traffic to upstream gateway is allowed). Unifi switches for example can do this.

Title: Re: Isolate Guest-Network Hosts
Post by: aulin on October 14, 2020, 07:58:07 PM
Thank you for the information

Title: Re: Isolate Guest-Network Hosts
Post by: rudydevolder on June 18, 2024, 09:33:11 AM
I thought this would work: (BUT NO)

Protocol   Source             Destination        Description
IPv4       V_GUESTS address   V_GUESTS address   Block access between clients

But turning on client isolation on my WiFi works ;)

Title: Re: Isolate Guest-Network Hosts
Post by: chemlud on June 18, 2024, 01:54:08 PM
Quote from: rudydevolder on June 18, 2024, 09:33:11 AM
I thought this would work: (BUT NO)

Protocol   Source             Destination        Description
IPv4       V_GUESTS address   V_GUESTS address   Block access between clients

But turning on client isolation on my WiFi works ;)

Besides wifi-isolation there is no way to block traffic between clients within the same subnet/interface. The traffic simply doesn't go through your sense, clients talk to each other directly.
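
Added example (not part of the thread and not OPNsense code): a simplified model of the forwarding decision described in the replies, showing which guest flows ever reach the firewall and can therefore be matched by an interface rule. The subnet, addresses and trailing pass rule are constructed assumptions; "address" is read as the firewall's own IP on the interface, and rule evaluation is reduced to first match with default deny for unicast IPv4.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
GUEST_NET = ipaddress.ip_network("192.168.200.0/24")   # "Guestnet net"
FIREWALL_IP = ipaddress.ip_address("192.168.200.1")    # "Guestnet address"

def reaches_firewall(src, dst, net=GUEST_NET, fw=FIREWALL_IP):
    """Does a unicast IPv4 packet from guest client src ever arrive at the firewall?"""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in net:
        raise ValueError(f"{src} is not a client of {net}")
    if dst == fw:
        return True    # addressed to the firewall itself (GUI, DNS, ...)
    if dst in net:
        return False   # on-link: client ARPs for dst, switch/AP delivers the frame
    return True        # off-link: client hands the packet to its default gateway

def _matches(spec, ip, net, fw):
    """Simplified alias matching: 'net' = subnet, 'address' = firewall's own IP."""
    if spec == "any":
        return True
    if spec == "net":
        return ip in net
    if spec == "address":
        return ip == fw
    raise ValueError(f"unknown alias {spec!r}")

def verdict(src, dst, rules, net=GUEST_NET, fw=FIREWALL_IP):
    """First matching rule wins; anything unmatched is dropped (default deny)."""
    if not reaches_firewall(src, dst, net, fw):
        return "bypasses firewall"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_spec, dst_spec in rules:
        if _matches(src_spec, s, net, fw) and _matches(dst_spec, d, net, fw):
            return action
    return "block"

# Rule from the first post, plus a hypothetical trailing pass rule for internet access.
RULES_NET_TO_ADDRESS = [("block", "net", "address"), ("pass", "net", "any")]
# Rule from the later post (source and destination both the interface address).
RULES_ADDRESS_TO_ADDRESS = [("block", "address", "address"), ("pass", "net", "any")]

if __name__ == "__main__":
    for name, rules in [("net->address", RULES_NET_TO_ADDRESS),
                        ("address->address", RULES_ADDRESS_TO_ADDRESS)]:
        for dst in ("192.168.200.1", "192.168.200.20", "1.1.1.1"):
            print(name, "192.168.200.10 ->", dst, ":", verdict("192.168.200.10", dst, rules))
```

Under either rule set the client-to-client flow is reported as bypassing the firewall, which is why isolation has to be enforced on the switch or access point.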