mjp66
commented
3 years ago Hi,
What I see in section 62. WIRED_SEPARATE Firewall Rules are two (one in, one local) rule sets. The in set has "default-action accept" and address-group RFC-1918_GROUP drop. The local set has "default-action drop" and then allows DHCP and allows DNS.
The intent of the separate network is to (only) allow those devices access to the internet. I don't see how the stated rules would inhibit access to the internet.
Maybe check your separate firewall rules for the above and maybe check (all) your firewall rules for correct interface and direction attributes.
You can also compare your configuration backup file against the published reference config.
Good luck, -Mike
alberg79
Seems that the FWR 5 Wired Separate In rule blocks all local IP's including the devices on that port from making connections out to the WAN. I disabled that one rule to get that port access to the internet. Thinking Outbound rules on the other interfaces would block eth2 from access to those networks instead.