VIP interface firewall rule?

Started by tryllz, March 01, 2023, 10:47:58 PM

March 01, 2023, 10:47:58 PM Last Edit: March 02, 2023, 07:11:56 AM by tryllz
Hi,

I could not understand which interface to add a block rule to in this case.

I have set up a VIP (10.10.13.1) on FW1 (10.10.13.2 | Sub-Interface (VLAN13_Servers)).

I have set a reject any IPv4 rule on this Sub-Interface of FW1, and shut down FW2 for testing.



The parent interface of Sub-Interface VLAN13_Servers also has a reject all IPv4 rule added.



But the ping traffic still reaches a VM in 10.10.13.0/24 network.




I found out that if I disable the VIP (10.10.13.1 in FW1) the pings between the 2 VMs stop.

So my question is: which interface do I add a block rule to in order to block traffic from reaching the VLAN Sub-Interface? I have added 1 block rule on the Parent interface and another block rule on the Sub-Interface, but the VM in 10.10.13.0/24 is still reachable.

Thank You