Hello everyone, am sharing my pfsense guestWifi rules and ServerVLAN rules.
Here my controller sits in SERVERVLAN and all AP’S are in guestwifi vlan.
All of three are allowed only to have contact with unifi controller vm and rest everything should be blocked on both side.
But today while I was testing everything I don’t know why but I was able to ping my AP’s from different IP and even used ping to check that does guestWIFI can ping my any other server ? and it was able to ping.
Can someone help me where I am making mistake while setting up the rules.
ServerVLAN rules :
GuestWifi Rules : PLANT, OFFICE, AP3 are the unifi AP
Ping from my other Server :
GuestWifi can also ping other devices on ServerVLAN:
For ServerLAN firewall rule, the source needs to be serverlan and destination needs to be guestwifi
for your guestwifi, instead of doing ping from pfsense. Can you do a ping from an actual device connected to your guest wifi and see if that works or not.
Instead of creating all these block rules for all your VLAN’s you should simplify this by creating a RFC1918 Alias and setting up a rule like below. Then add your allow rules for each interface rules.
Rule: The interface network needs to be able to access the interface address for DNS unless your DNS is coming from somewhere else
If you use an Alias for say your subnets, then the inverse will be out of the WAN, this make it a bit tidier to use as few rules as possible.