We are in the process of adding a firewall filter to one of our VLANs where we want to restrict all devices on this guest VLAN.100 from being able to access all other VLANs. In this example, let's say we have VLANs 5-50 for the business use.
Is there a way for us to have a low-maintenance rule that we do not need to amend when new VLANs are added, and that we can apply outbound on the guest VLAN.100 RVI?
We would like this VLAN to have full access to the internet and nothing else.
To add a slight complication, the internet is accessed via VLAN.2, which then forwards to an SRX and then onto an SSG firewall.
We are looking to do these rules on the EX switches as we do not have direct management of the other outer devices.
We would also need to keep the RVI on this VLAN as we require inbound access to devices on this guest type network.
Hope someone can lend a helping hand.
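One way to build the low-maintenance filter asked about above, as an added example (not configuration posted in the thread): a Junos firewall filter that discards anything destined for the RFC 1918 ranges and accepts everything else, so business VLANs added later need no rule change. It assumes the business VLANs are addressed from RFC 1918 space and the guest subnet is numbered outside it; in Junos terms, traffic leaving the guest hosts arrives on the RVI as input, so the filter is applied in the input direction on vlan.100.

```junos
/* Added example, not from the thread. Assumes business VLANs 5-50 use RFC 1918 */
/* space and guest VLAN.100 is numbered outside it, e.g. 100.64.100.0/24 (constructed). */
firewall {
    family inet {
        filter GUEST-TO-INTERNET {
            /* Stateless filter: let replies to TCP sessions opened from business VLANs */
            /* into the guest network pass (the inbound access the RVI is kept for). */
            term allow-tcp-replies {
                from {
                    protocol tcp;
                    tcp-established;
                }
                then accept;
            }
            /* Anything else aimed at private space is counted and dropped; a new */
            /* business VLAN in RFC 1918 space is covered without editing this filter. */
            term block-private {
                from {
                    destination-address {
                        10.0.0.0/8;
                        172.16.0.0/12;
                        192.168.0.0/16;
                    }
                }
                then {
                    count guest-to-private-denied;
                    discard;
                }
            }
            /* What remains is public address space: the internet, routed out via vlan.2. */
            term allow-internet {
                then accept;
            }
        }
    }
}
interfaces {
    vlan {
        unit 100 {
            family inet {
                /* Packets from guest hosts enter the RVI, so the filter is applied as input. */
                filter {
                    input GUEST-TO-INTERNET;
                }
            }
        }
    }
}
```

Because the filter is stateless, UDP replies from guest devices back to business VLANs are not covered by the tcp-established term and need their own accept term for the specific ports if that inbound access uses UDP. The `guest-to-private-denied` counter in `show firewall filter GUEST-TO-INTERNET` shows how much traffic the block term is catching.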
It would be easier to have the guest VLAN live on the SRX or SSG, but I see your reason for not doing that.
On your switch, do you have VRFs setup for different VLANs or just one routing table?
Thank you SRXs, I have had a little read up on this and it looks like it might be what we need.
Appreciate the suggestion!