Firewall not working between zones and VLANs

Hi

I’m setting up an RUTX50 unit with 5 VLANs where two of the VLANs will need Internet access. The different VLANs are mapped to 4 firewall zones, but even with the firewall zones set to reject traffic I’m still able to ping between the zones.

VLAN Config:

The VLAN interfaces have been configured under the LAN section with their corresponding IPs, as eth0.11, eth0.12 etc.

I have created my firewall zones as:

Mgmt = {eth0.15}
MAHI = {eth0.11}
MyDefence = {eth0.12}
Semco = {eth0.13, eth0.14}

Only the Mgmt and MAHI zones will require Internet access and have been granted access to WAN zone via “Allow forward to destination zones = wan”

With the MAHI zone set to Input=Drop, Output=Drop and Forwarding=Drop I’m still able to ping from my Mgmt to the MAHI interface.

Full configuration of the device can be provided via email since I’m unable to upload it to this site.

For info, I have been in contact with 1st line of Teltonika support and hope that you can pick this one up.

Best regards, Martin

Have done some more testing and can confirm that the devices in my subnet cannot be pinged from the other zones, only the default gateway for each zone.

Had an expectation that also the IP address for my VLAN would not be reachable from the other zones but that is apparently not the case.

Greetings,

Could you please provide screenshots of your firewall zones configuration?

To block access to the gateway IPs of other zones, the firewall must be explicitly instructed to drop traffic destined for the router’s other local IP addresses.

You will need to create traffic rules similar to the example below (the rule shown prevents mgmt from reaching the mahi gateway):

When creating these rules, make sure you do not block a zone from communicating with its own gateway IP.

Best Regards,
Justinas
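The behaviour discussed in this thread follows from how an OpenWrt-style zone firewall (which RutOS devices use) picks the chain that judges a packet: traffic addressed to one of the router's own IPs is decided by the INPUT policy of the zone the packet *arrives* on, not by the zone that owns the destination address, so MAHI's Input=Drop never sees a ping that enters on the Mgmt VLAN. The model below is an added example written for this thread; it is not Teltonika's code or firmware logic. The VLAN addresses (192.168.1x.0/24 with .1 as the router's IP), the lowercase zone names and the WAN zone being left out are constructed assumptions. It reproduces the reported symptom, shows the effect of the explicit traffic rule Justinas describes, and includes a check for the caveat that such a rule must not cut a zone off from its own gateway.

```python
"""Model of zone-firewall decisions for traffic to and through the router.

Added example for this thread, not Teltonika's code. Addresses, zone names
and the absence of a WAN zone are constructed assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Zone:
    name: str
    interfaces: List[str]                     # VLAN devices in the zone
    input_policy: str = "ACCEPT"              # traffic TO the router, arriving on these devices
    output_policy: str = "ACCEPT"
    forward_policy: str = "REJECT"            # intra-zone forwarding
    forward_to: List[str] = field(default_factory=list)  # "Allow forward to destination zones"


@dataclass
class Rule:
    """Traffic rule. With no dest zone it applies to the INPUT chain of the src zone."""
    src: str
    target: str
    dest: Optional[str] = None
    dest_ip: Optional[str] = None


# Constructed addressing: each VLAN is a /24 whose .1 is the router's own IP.
ROUTER_IPS = {
    "eth0.11": "192.168.11.1", "eth0.12": "192.168.12.1",
    "eth0.13": "192.168.13.1", "eth0.14": "192.168.14.1",
    "eth0.15": "192.168.15.1",
}
SUBNETS = {dev: ip_network(ip + "/24", strict=False) for dev, ip in ROUTER_IPS.items()}

# Zones as described in the thread (MAHI set to Drop/Drop/Drop).
ZONES = [
    Zone("mgmt", ["eth0.15"], forward_to=["wan"]),
    Zone("mahi", ["eth0.11"], input_policy="DROP", output_policy="DROP",
         forward_policy="DROP", forward_to=["wan"]),
    Zone("mydefence", ["eth0.12"]),
    Zone("semco", ["eth0.13", "eth0.14"]),
]


def zone_of_device(dev: str) -> Zone:
    return next(z for z in ZONES if dev in z.interfaces)


def device_for_ip(dst: str) -> Optional[str]:
    """VLAN device whose subnet contains dst, or None (e.g. an Internet address)."""
    addr = ip_address(dst)
    return next((dev for dev, net in SUBNETS.items() if addr in net), None)


def verdict(in_dev: str, dst: str, rules: Tuple[Rule, ...] = ()) -> Tuple[str, str]:
    """Fate of a packet arriving on in_dev addressed to dst: (chain, verdict)."""
    src_zone = zone_of_device(in_dev)
    to_router = dst in ROUTER_IPS.values()
    out_dev = device_for_ip(dst)
    dst_zone = zone_of_device(out_dev) if out_dev else None
    # Traffic rules are consulted before zone policies; first match wins.
    for r in rules:
        if r.src != src_zone.name or (r.dest_ip is not None and r.dest_ip != dst):
            continue
        if r.dest is None and to_router:
            return "input", r.target
        if r.dest is not None and not to_router and dst_zone and r.dest == dst_zone.name:
            return "forward", r.target
    if to_router:
        # Only the INGRESS zone's input policy applies; the zone owning the
        # destination IP is never consulted. This is the thread's symptom.
        return "input", src_zone.input_policy
    if dst_zone is None:
        return "forward", "REJECT"          # no WAN modelled here
    if dst_zone is src_zone:
        return "forward", src_zone.forward_policy
    return "forward", "ACCEPT" if dst_zone.name in src_zone.forward_to else "REJECT"


def rule_blocks_own_gateway(rule: Rule) -> bool:
    """True if an input-chain rule would drop traffic to a router IP in the src zone itself."""
    zone = next(z for z in ZONES if z.name == rule.src)
    own_ips = [ROUTER_IPS[d] for d in zone.interfaces]
    return rule.dest is None and rule.target in ("DROP", "REJECT") and (
        rule.dest_ip is None or rule.dest_ip in own_ips)


def to_uci(rule: Rule) -> str:
    """Render the rule as a 'config rule' stanza in /etc/config/firewall syntax."""
    lines = ["config rule", "\toption proto 'all'",
             "\toption src '%s'" % rule.src, "\toption target '%s'" % rule.target]
    if rule.dest:
        lines.append("\toption dest '%s'" % rule.dest)
    if rule.dest_ip:
        lines.append("\toption dest_ip '%s'" % rule.dest_ip)
    return "\n".join(lines)


BLOCK_MAHI_GW = Rule(src="mgmt", dest_ip="192.168.11.1", target="DROP")

if __name__ == "__main__":
    print(verdict("eth0.15", "192.168.11.1"))                   # ('input', 'ACCEPT'): gateway pingable
    print(verdict("eth0.15", "192.168.11.50"))                  # ('forward', 'REJECT'): hosts are not
    print(verdict("eth0.15", "192.168.11.1", (BLOCK_MAHI_GW,)))  # ('input', 'DROP') after the rule
    print(verdict("eth0.15", "192.168.15.1", (BLOCK_MAHI_GW,)))  # own gateway still reachable
    print(to_uci(BLOCK_MAHI_GW))
```

One such rule is needed per (source zone, foreign gateway IP) pair you want closed; `rule_blocks_own_gateway` flags the mistake of omitting `dest_ip`, which would turn the rule into a blanket drop of the source zone's access to its own gateway.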