TP-Link Omada ER8411 VPN Router User Manual

User Guide 124

Configuring Firewall

Configuration Examples

Dept” as the source IP group, “IPGROUP_ANY” as the destination IP group, and “Any” as

the effective time. Click

OK

.

This rule means that all DNS packets from the R&D department are allowed to be sent

from the LAN to the internet at any time.

Figure 3-7 

Configure Allow Rule for DNS Service

7) Choose the menu

Firewall > Access Control > Access Control

to load the

configuration page, and click

Add

. Specify a name for this rule. Select “Block” as the rule

policy, “ALL” as the service type, “LAN -> WAN” as the effective traffic direction, “RD_

Dept” as the source IP group, “IPGROUP_ANY” as the destination IP group, and “Any” as

the effective time. Click

OK

.

This rule means that all packets from the R&D department are blocked from being sent

from the LAN to the internet at all times.

Figure 3-8 

Configure Block Rule for ALL Services

8) Verify your configuration result. In the Access Control List, the rule with a smaller ID has

a higher priority. Since the router matches the rules beginning with the highest priority,

make sure the three Allow rules have the smaller ID numbers compared with the Block

rule. In this way, the router checks whether the received packet matches the three Allow

rules first, and only packets that do not match any of the Allow rules will be blocked.