
Guest user can access the internal network although the ACL should prevent this.

thomas_henneber
New Contributor
Hello,

I have a ZD 1100 (FW 9.4) installed in a flat 172.30.1.0/16 network (no VLAN, no Layer3 device). The default gateway for this network is a firewall (one internal interface in the 172.30.1.0 network, one external interface to the Internet).

The ZD has two wireless networks configured, one for internal users, one for guest users. Guest users can log in and access the Internet without a problem.

The problem is that users who are connected to the Guest can also access resources on the internal 172.30.1.0 network although the ACL should prevent this.

I have read the user manual and it states that there are 3 ACL rules for the private networks which will always be active and which will be enforced on the ZD and on the AP. I can see these ACLs in the configuration and they are set to deny.

My question is: Why can a guest user access a server in the 172.30.1.0 network and how do I prevent this from happening? Will I need to create a separate VLAN for the guests or can there be a misconfiguration?

Thanks a lot and many greetings from Germany.
2 REPLIES

gustav_karavas
New Contributor
push

michael_brado
Esteemed Contributor II
We have implemented greater client isolation, into Layer3, in ZD version 9.8 firmware over the behavior from v9.4 code. Can you upgrade and re-evaluate the guest WLAN access to the trusted network again?