I’ve setup a filter rule on the 2865’s firewall which I believe should work but has no effect when tested. Could anyone confirm if I’ve missed anything obvious and if it is possible to create a firewall rule that applies to the same LAN subnet with this model? I have also tried creating a secondary rule blocking in the opposite direction, which also appears to have no effect.

Many thanks for any help in advance. 

IP addresses for example:
 
 20.20.20.1 - Router/DHCP
 20.20.20.2 - PC 1
 20.20.20.3 – Off Limits
 
Rule setup:

Direction LAN/DMZ/RT/VPN  - > LAN/DMZ/RT/VPN
Source: 20.20.20.2
Destination: 20.20.20.3
Service Type: AnyFilter: Block Immediately

Hi SuperSheep ,

No, you can’t block traffic on the same LAN at the router, as the router isn’t playing a part in that traffic flow, so can’t block it. 

The router routes traffic between subnets but not within a subnet. The only instance where you can control the traffic on the same LAN subnet with the router, is when the traffic is flowing in and out of a VPN connection that has joined the same LAN subnet, but even then, the firewall rule would be VPN -> LAN & LAN -> VPN, not LAN -> the same LAN.

You’d probably wonder then, why is it possible to set up a firewall rule that can be configured as LAN 1 -> LAN 1, well, that is for instances where you want to block/allow flow in opposite directions and would involve selecting more than just a one single (same) LAN on each side but two or even three. You can create an object that exists on either side and apply that to both sides of the rule, as the rule goes from left -> to right; but never same LAN to same LAN:

LAN1 Object A -> LAN3 Object B
LAN3 Object B -> LAN1 Object A

Both objects are placed in the ‘Source’ and the ‘Destination’ parameters,

or even

LAN1 ALL -> LAN3 ALL
LAN3 ALL -> LAN1 ALL.