Orbi WiFi 7 RBE973
Reply

BR200: How to block WAN completely except for some IP addresses?

keale
Star

BR200: How to block WAN completely except for some IP addresses?

We have an isolated LAN in our lab. We want to use BR200 as a gateway for a pair of special IPs and services (https and ssh). Other LAN WAN traffic should be blocked.

 

How can I configure this via the web interface for BR200? On our very old router ProSave FVS338, under LAN WAN Rules there is an option Default Ouboond Policy: Block Always.

I have not found anything comparable for BR200.

 

Message 1 of 3

Accepted Solutions
keale
Star

Re: BR200: How to block WAN completely except for some IP addresses?

Dear @antinode,

I apologise for my silence due to an illness. Now I was able to test the RB200 extensively. Well, the device gives me a very buggy impression. For example, the instructions in the firewall traffic rules are sporadically not accepted and to be sure, you have to reboot the router...

I could of course block most services, 1-21, 23-442, etc. but that does not prevent e.g. an https page from being opened on an not desired server.

 

I achieved wished result via settings in the firewall traffic rules.

One has to keep in mind that the order of the rule is important.

So one must first allow the IPs that one wants
1. IP for WIKI ACCEPT
2. IP for GITLAB ACCEPT
3. IP for Timeserver ACCEPT

After what its possible to block the rest

4. ALL IPs DROP

 

Thank You for help and best wishes!

View solution in original post

Message 3 of 3

All Replies
antinode
Guru

Re: BR200: How to block WAN completely except for some IP addresses?

> [...] Other LAN WAN traffic should be blocked.

 

   Inbound connecations are blocked by default.  Don't run software
which makes outbound connections?

 

> I have not found anything comparable for BR200.

 

   I've never touched a BR200, and the User Manual is far from
comprehensive, so I know nothing, but what's wrong with the usual
ADVANCED > Security > Block Services stuff, with a rule for ports
1-65535?

 

   Visit http://netgear.com/support , put in your model number, and look
for Documentation.  Get the User Manual (at least).  Read.  Look for
"Block specific services and applications from the Internet"?

Message 2 of 3
keale
Star

Re: BR200: How to block WAN completely except for some IP addresses?

Dear @antinode,

I apologise for my silence due to an illness. Now I was able to test the RB200 extensively. Well, the device gives me a very buggy impression. For example, the instructions in the firewall traffic rules are sporadically not accepted and to be sure, you have to reboot the router...

I could of course block most services, 1-21, 23-442, etc. but that does not prevent e.g. an https page from being opened on an not desired server.

 

I achieved wished result via settings in the firewall traffic rules.

One has to keep in mind that the order of the rule is important.

So one must first allow the IPs that one wants
1. IP for WIKI ACCEPT
2. IP for GITLAB ACCEPT
3. IP for Timeserver ACCEPT

After what its possible to block the rest

4. ALL IPs DROP

 

Thank You for help and best wishes!

Message 3 of 3
Top Contributors
Discussion stats
  • 2 replies
  • 803 views
  • 1 kudo
  • 2 in conversation
Announcements

Orbi WiFi 7