Block traffic


Can I block traffic between two interfaces in an easy way?

I prepared a policy like this, but it doesn't work and I can communicate from any optional to trusted. I also tried from block networks - same problem.



    By default, no traffic can go from an optional interface to a trusted interface without a policy allowing it.
    Clearly you must have some policies which are currently allowing traffic to go from optional to trusted.

    One thing you could do is to modify these policies to not allow traffic from optional to trusted.

    Where is the above policy in your list of policies?
    If it is below 1 or more policies which allow access from optional to trusted, then the policy will not affect those packets.
    You can move this policy to the top of the policy list.
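
The ordering effect described in the reply above, as an added example that is not part of the original thread and not WatchGuard code. It is a simplified model that assumes top-down, first-match evaluation on interface aliases only; the policy names are hypothetical.

```python
from dataclasses import dataclass

ANY = "Any"

@dataclass(frozen=True)
class Policy:
    name: str    # hypothetical policy name
    src: str     # source interface alias, or "Any"
    dst: str     # destination interface alias, or "Any"
    action: str  # "allow" or "deny"

def covers(rule_side, flow_side):
    """True if a policy's alias includes the given interface alias."""
    return rule_side == ANY or rule_side == flow_side

def evaluate(policies, src, dst):
    """Return (action, policy name) of the first policy matching the flow."""
    for p in policies:
        if covers(p.src, src) and covers(p.dst, dst):
            return p.action, p.name
    # No policy matched: the flow is denied by default.
    return "deny", "(no matching policy)"

def shadowed(policies):
    """List (later, earlier) pairs where an earlier policy with a different
    action fully covers a later one, so the later one never takes effect."""
    found = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (earlier.action != later.action
                    and covers(earlier.src, later.src)
                    and covers(earlier.dst, later.dst)):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed policy list: a broad allow sits above the new deny policy.
POLICIES = [
    Policy("Allow-Any-To-Trusted", ANY, "Trusted", "allow"),
    Policy("Block-Optional-To-Trusted", "Optional", "Trusted", "deny"),
]
# The same policies with the deny moved to the top of the list.
REORDERED = [POLICIES[1], POLICIES[0]]

if __name__ == "__main__":
    print(evaluate(POLICIES, "Optional", "Trusted"))
    print(shadowed(POLICIES))
    print(evaluate(REORDERED, "Optional", "Trusted"))
```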

    james.carson Moderator, WatchGuard Representative

    It depends.

    If the traffic is flowing via the firewall, then you can deny it (or it will be denied by default, like Bruce mentioned, since there is no rule).

    If there is another router/switch in the network that can handle Layer 3 routing, your traffic may be traversing via that, and not via the firewall.

    The easiest way to check is to enable logging for the rule that you believe the traffic is flowing via, and check the traffic monitor tool to see if your traffic is appearing. If you don't see anything, the firewall likely is not being presented with that traffic and it's being routed there via something else.

    -James Carson
    WatchGuard Customer Support
