Okay, I know how to set up a firewall rule to isolate different VLAN subnets… but if I have VLAN1 and VLAN2, how do I set up a rule to allow VLAN1 to see and access VLAN2 but NOT allow VLAN2 to see and access VLAN1?
I don’t think you can. In order for TCP/IP to work, you need two-way communication.
If VLAN1 can talk to VLAN2, VLAN2 needs to be able to talk back to VLAN1. You can verify this by blocking traffic in one direction and watching it fail (for example, block traffic one-way and try to ping).
If you need to isolate some but not all traffic, you could set up an address list of IP addresses that can communicate with both VLANs and block everything else.
Additionally, you may be able to set up some firewall rules to allow traffic that was initiated by VLAN1 to VLAN2, but I’m not exactly sure what steps you’d need to take there and not certain it would work 100% as desired.
Enable established and related TCP both ways and new connections only in the desired direction. Drop the rest. Then it should work correctly.
Jarda, can you type out a firewall as an example for me to see what you mean?
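The three-rule scheme Jarda describes (established/related accepted both ways, new connections accepted only from VLAN1 to VLAN2, everything else dropped), written out as an added example for a Linux router running nftables. This is not code from the thread or from any poster; the interface names vlan1 and vlan2 and the table name vlanfw are assumptions, and you can match on ip saddr/daddr subnets instead of interface names if you prefer.

```shell
#!/bin/sh
# Added example (not from the thread): one-way inter-VLAN access with nftables.
# Assumptions: a Linux router whose VLAN interfaces are named "vlan1" and
# "vlan2" (hypothetical names), with routed traffic passing the forward hook.

# Emit the nftables ruleset to stdout.
ruleset() {
  cat <<'EOF'
table inet vlanfw {
  chain forward {
    type filter hook forward priority 0; policy drop;

    # Packets belonging to a connection conntrack already knows, in BOTH
    # directions. This is what lets VLAN2 answer a connection VLAN1 opened
    # (TCP handshake replies, ICMP echo replies, related ICMP errors).
    ct state established,related accept

    # Conntrack could not classify the packet (out-of-window TCP, etc.): drop.
    ct state invalid drop

    # NEW connections are accepted only from VLAN1 toward VLAN2.
    iifname "vlan1" oifname "vlan2" ct state new accept

    # A NEW connection from VLAN2 toward VLAN1 would fall to the drop policy
    # anyway; log it explicitly so you can watch the attempt fail.
    iifname "vlan2" oifname "vlan1" log prefix "vlan2->vlan1 blocked: " drop
  }
}
EOF
}

# Syntax-check the ruleset with nft when it is installed (does not load it).
check() {
  if command -v nft >/dev/null 2>&1; then
    ruleset | nft -c -f -
  else
    echo "nft not installed; skipping syntax check" >&2
  fi
}

# Usage:  ./onewayvlan.sh          (print the ruleset)
#         ./onewayvlan.sh check    (syntax-check with nft -c)
#         ./onewayvlan.sh apply    (load it; needs root)
case "${1:-}" in
  apply) ruleset | nft -f - ;;
  check) check ;;
  *)     ruleset ;;
esac
```

With this loaded, a ping or TCP connection from a VLAN1 host to VLAN2 works, because the replies coming back from VLAN2 are matched as established by the first rule. The same ping or connection started from a VLAN2 host toward VLAN1 is a new connection in the wrong direction, so it never gets past the forward chain and is logged and dropped. The forward hook only sees routed traffic, so hosts inside one VLAN still talk to each other normally, and the rules say nothing about whether VLAN2 may reach the router itself or the internet; add rules to the input chain or further forward rules for that as needed.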