Hello,
I have a network with hundreds of devices connected to network switches (non-MikroTik) and access points (again, non-MikroTik). This network is set up with multiple VLANs and everything is working great on the LAN side.
Below are 4 images from WinBox (sorry, not familiar with the CLI yet). I have set up VLAN interfaces, switch VLAN config and firewall rules, but I can't get my firewall settings to work to only allow certain VLANs access to the internet. As you will see from my firewall rules in the below images, there is traffic arriving on the TMTITOffice VLAN, so traffic is obviously being tagged correctly on the network switches.
However, if you look at my firewall rules, if I disable the LAN to WAN-VM rule, and enable the TMTITOffice to WAN-VM rule, internet access stops working about 10 - 15 seconds later.
Any ideas what I am doing wrong?
I'm guessing it has something to do with the network traffic having the correct VLAN ID before going out to the internet, but returning traffic doesn't have any VLAN ID associated with it, so it gets dropped?
Firewall (Filter):
Firewall (NAT)
Interfaces:
Switch (Not sure if this is needed - I read somewhere I need this for tagged traffic?):
Cheers,
Matt