- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
Re: FVS336Gv3 - Help in configuring router
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have a Netgear FVS336Gv3 running latest firmware (V4.3.4-1). The FVS336Gv3 has a single LAN network with 4 devices and each have the following IP address: IP_A, IP_B, IP_C, IP_D. It also has a single WAN network.
What we'd like to do is to configure the FVS336Gv3 to only allow the IP_A device to communicate with IP_D device but everybody else (IP_B and IP_C) are disallowed to communicate with IP_D device. Note that IP_A, IP_B, and IP_C are allowed to communicate with each other.
Would appreciate it if someone can provide directions in configuring the FVS336Gv3 to accomplish the above.
Regards,
Al
Solved! Go to Solution.
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi vpnman,
Just want to follow-up. Any updates?
Regards,
DaneA
NETGEAR Community Team
All Replies
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi vpnman,
I think you need a switch that supports access control list or ACL on your network setup to achieve your goal. Let me share this article below as reference:
Setting up VLANs & VLAN Routing with Access Control Lists
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi DaneA,
Thanks for your response. Will a Netgear ProSAFE M4100 unit be able to accomplish this and support the additional requirements below?
- In addition to IP_A device, to only allow a particular VPN client (coming from WAN side) with VPN_IP_Z address to access IP_D device and all other VPN clients are denied access to IP_D device?
- Can a set of LAN IP address (ex: coming from a port connected to a WIFI access point) be put in a group and manage this group in a ACL rule (ex: deny this group access to IP_D)?
Regards,
vpnman
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi vpnman,
About the 1st additional requirement, I believe it can be configured on the VPN policies of the FVS336Gv3. While the 2nd additional requirement, can be configured on the M4100 switch as an ACL rule.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Aside from the M4100 switch, can it be accomplished using GS110TP and/or GS108T? Do these support IP-based ACL?
Is there a guide or cookbook that shows step-by-step how to configure the FVS336gv3 to deny access to IP_D device from all VPN clients coming from GW-to-GW VPN but only allow a particular one (VPN_IP_Z address)?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi vpnman,
Both GS108Tv2 and the GS110TP supports either MAC ACL, Standard IP ACL and Extended IP ACL. Kindly read pages 180-194 of the GS108T and GS110TP Smart Switch software administration manual here. Check also Appendix B for the ACL configuration examples.
You could check on how to manage or modify the VPN policy on pages 381-389 of the FVS336Gv3 reference manual here.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi DaneA,
Thanks for your response. Can you advise what's the difference between GS108Tv2/GS110TP vs M4100 specifically on IP ACL capability? What can the M4100 do that the GS108Tv2/GS110TP can't do?
Regards,
vpnman
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi vpnman,
I believe the IP ACL capability is the same for both the GS108Tv2/GS110TP switches and the M4100 series switches. The only difference I found is that based on the M4100 software administration manual with firmware version 10.0.x here, it has added features, namely: ACL Mirroring and ACL Redirection.
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi vpnman,
We’d greatly appreciate hearing your feedback letting us know if the information I’ve provided has helped resolve your concern or if you need further assistance. If ever your concern has been resolved, I encourage you to mark the appropriate reply as the “Accepted Solution” so others can be confident in benefiting from the solution. The NETGEAR Community looks forward to hearing from you and being a helpful resource in the future!
Regards,
DaneA
NETGEAR Community Team
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Re: FVS336Gv3 - Help in configuring router
Hi DaneA,
From your recommendation, we've purchased a new Netgear switch with IP ACL capability. We'll mark "Accepted Solution" after we try this on the new switch and it does what we want it to do.
Regards,
vpnman
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi vpnman,
Just want to follow-up. Any updates?
Regards,
DaneA
NETGEAR Community Team