General question about routing between VLANs
We are running a T40 as a firewall between internal (trusted) network and the internet.
So far we had a single VLAN 10 configured which was output to interface #1 untagged. It's in zone "Trusted".
Now I added a second VLAN 40, which uses a different IP range and is also in "Trusted" zone. It's output on interface #3.
To my surprise, pinging a device in VLAN 10 from VLAN 40 is possible. I suspect the Firewall rules to allow that, because the rule "ping" is allowing traffic from "Any-Trusted" and "Any-Optional" to "Any".
What's the basic approach when configuring the rules for new VLANs so that those VLANs can't see each other?