OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: tryllz on March 01, 2023, 10:47:58 PM

Title: VIP interface firewall rule ?
Post by: tryllz on March 01, 2023, 10:47:58 PM
Hi,

I could not understand which interface to add a block rule in this case.

I have set up VIP (10.10.13.1) on FW1 (10.10.13.2 | Sub-Interface (VLAN13_Servers)).

I have set a reject any IPv4 rule on this Sub-Interface of FW1, and shut down FW2 for testing.

(https://i.ibb.co/zX6fLSK/2.png)

Parent interface of Sub-Interface VLAN13_Servers is also added with a reject all IPv4 rule.

(https://i.ibb.co/HrT3jC6/1.png)

But the ping traffic still reaches a VM in 10.10.13.0/24 network.

(https://i.ibb.co/HtG8MCx/4.png)
(https://i.ibb.co/vBKbMcX/5.png)

I found out that if I disable the VIP (10.10.13.1 in FW1) the pings between the 2 VMs stop.

So my question is which interface do I add a block rule to block traffic from reaching the VLAN Sub-Interface, because I have added 1 block rule on Parent interface, and another block rule on Sub-Interface but the VM in 10.10.13.0/24 is still reachable?

Thank You