UDM Pro VPN Firewall rules


i got some problems and i have looked at all the unifi firewall rules videos i can fing on Youtube :frowning:
so my problem is.

Inter VLan is blocked.
I can block VPN from the different VLAN’s
I can enable access to specific ip’s on blocked VLAN’s for the VPN.

what i cant figure out is how do i block the VPN from accessing and pinging the gateways on the blocked VLAN’s !?

Anyone ??


Hello, try making up groups of all your gateways. Set up a rule to drop ICMP from your vpn network to ip group gateway under LAN Local, That will prevent ping, then you can drop all traffic from vpn network to all other gateway addresses excluding the gateway of your vpn network. This is set up in LAN IN. You need to set up the gateway groups excluding the network required gateway. So if you have 5 networks you will have 5 groups of 4 gateway ip addresses. If you block the gateway of the network it is serving you block all traffic. That is when you drop icmp to that gateway instead. To keep from vpn client from accessing vpn network gateway, you can block port 22, 443, and 80. Which will keep clients out of your gateway’s interface.

So just because i block access to the vlans dont mean i block access to the GWs ?
i thought VPN was lan out?
i will give it a ty
Thank you


GW’s are not blocked on corporate networks, and if guest policies are enabled; you can still ping that network’s GW.

Thanks :slight_smile: know where it went wrong now