we created a SSID for Voice WLAN handhelds which is tagged as VLAN 20. VLAN 20 has a /24 192.168.20.0 IP range which is created on a MX100. The MX100 serves this VLAN with DHCP as well.
APs are MR42 with MS225 Switches in between. SSID has PSK WPA2.
No we need to close this VLAN/WLAN down completely and just allow specific IPs/Ports to connect to the cloud based telephone system of the provider. We got a sheet from the provider what to open and allow on the firewall.
Where to configure these rules and how? I find Firewall Config on the MX/Security Tab as well as on the WLAN/SSID Firewall Tab.
What would be the best approach to close a SSID/VLAN down and just open for specific ports?
Best regards and thanks in advance!
Solved! Go to Solution.
Thanks for the quick response!
So if I understand right:
Implement allowed Rules on MX Firewall for VLAN.
Source: Provider IPs and Ports. Destination Voice VLAN?
Set Deny Any to Destination Voice VLAN at the end to block the rest.
Correct like this???
Yes, but make sure to allow the IP's/VLANS that need to access this. Make a test group policy see if it works.