Goal: allow traffic initiated from the Default LAN (VLAN 1) to reach devices on any other VLAN defined on the UDMP device, and block traffic between VLANs.
Device: UDM Pro
OS: 4.0.21 (Official release up to date as of 2024-11-27)
Networks: Two VLANs, default (1) and Guest (30)
Profile Name: All private IPs RFC1918
Type: IPv4 Address / Subnet
Address:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
VLAN 1:
- GW: 192.168.5.1
- Network: 192.168.5.0/24
Guest VLAN 30:
- GW: 192.168.30.4
- Network: 192.168.30.0/24
- Guest Network: Not checked (verify this; leaving it checked is a common oversight)
- None
- None
These rules must be created and ordered as documented:
- Allow Established, Related
Type: LAN In
Name: Allow Established, Related
Action: Accept
Protocol: All
Source:
Source Type: Port/IP Group
Address Group: Any
Port Group: Any
MAC address: <empty>
Destination:
Destination Type: Port/IP Group
Address Group: Any
Port Group: Any
Advanced: Manual
Match State: Established, Related are checked
Match IPsec: Do not match is selected
Logging: Not checked
- Allow VLAN 1 access to all VLANs
Type: LAN In
Name: Allow VLAN 1 access to all VLANs
Action: Accept
Protocol: All
Source:
Source Type: Network
Address Group: Default
Network Type: IPv4 Subnet
MAC address: <empty>
Destination:
Destination Type: Port/IP Group
Address Group: All private IPs RFC1918
Port Group: Any
Advanced: Auto
- Block all inter-VLAN communications
Type: LAN In
Name: Block all inter-VLAN communications
Action: Drop
Protocol: All
Source:
Source Type: Port/IP Group
Address Group: All private IPs RFC1918
Port Group: Any
MAC address: <empty>
Destination:
Destination Type: Port/IP Group
Address Group: All private IPs RFC1918
Port Group: Any
Advanced: Auto
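
The top-to-bottom, first-match evaluation of the three LAN In rules above, as an added example that is not part of the original page. It is a small Python model that assumes the third rule's action is a drop (as its name requires) and that unmatched traffic falls through to a default accept; the sample flows are constructed.

```python
import ipaddress

RFC1918 = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]  # "All private IPs RFC1918" group
DEFAULT_LAN = ["192.168.5.0/24"]                              # VLAN 1 network
ANY = ["0.0.0.0/0"]

# (name, action, source nets, destination nets, states to match or None for any state)
RULES = [
    ("Allow Established, Related", "accept", ANY, ANY, {"established", "related"}),
    ("Allow VLAN 1 access to all VLANs", "accept", DEFAULT_LAN, RFC1918, None),
    ("Block all inter-VLAN communications", "drop", RFC1918, RFC1918, None),
]

def in_group(addr, nets):
    """True if addr falls inside any network of the address group."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def evaluate(src, dst, state, rules=RULES):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    for name, action, srcs, dsts, states in rules:
        if states is not None and state not in states:
            continue  # rule only applies to the listed connection states
        if in_group(src, srcs) and in_group(dst, dsts):
            return action, name
    # Assumption: no further rules exist and the default policy accepts.
    return "accept", "default policy"

if __name__ == "__main__":
    flows = [  # constructed sample flows: (source, destination, connection state)
        ("192.168.5.10", "192.168.30.20", "new"),          # VLAN 1 opens a session to Guest
        ("192.168.30.20", "192.168.5.10", "established"),  # Guest replies on that session
        ("192.168.30.20", "192.168.5.10", "new"),          # Guest tries to open a session
        ("192.168.30.20", "203.0.113.7", "new"),           # Guest to a non-private address
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
    # Ordering check: with the block rule above the VLAN 1 allow rule,
    # VLAN 1 can no longer reach the Guest VLAN.
    swapped = [RULES[0], RULES[2], RULES[1]]
    print("swapped order:", evaluate("192.168.5.10", "192.168.30.20", "new", swapped))
```

The replies from the Guest VLAN are accepted only because the Established, Related rule sits first; without it the block rule would drop the return traffic of sessions VLAN 1 started.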