RUT955 - Creating different WAN zones for Mobile and Wired connections

Hi.

I have a setup where I am using a RUT955 device to create a small local network for an energy monitoring system, with the primary internet connection coming from an office router, connected via cable to the WAN port of the RUT955.

Alongside this, the RUT955 contains a SIM card that joins a private SSL VPN, with a fixed private IP address that I can use to remotely access the RUT955, and all devices on its LAN using Port Forwarding or PPTP.

As it is, the setup works well and I can remotely access my LAN devices on the RUT955 LAN via the Private IP of the SIM, due to the fact failover is set up.

What I would like to do next is to block access to the RUT955 and all LAN devices on its LAN from the office LAN network such that no devices connected to the office Wi-Fi network are able to reach the RUT955 or any devices on its LAN via port forwarding, effectively making it invisible.

At the same time, I still want to be able to access and port forward via the mobile connection, which is working correctly now.

Currently I have not found a way to do this as the ‘wan’ zone contains ‘wan, mob1s1a1, and mobs2a2’ as a whole, meaning if I implement a firewall rule to block traffic from WAN to LAN, it also disallows any access via the mobile interfaces.

Is there a way I can set up different WAN zones, such that the wired WAN connection is a different firewall zone to the mobile connections?

I have included a diagram below outlining the network as it is, and the two main zones I want to block and allow traffic between.

Are there any ideas as to how I might implement this scenario?

Hi poreilly,

Welcome to Teltonika Networks Community!

If you have 2 WAN sources and you don’t want the other WAN source to access your LAN devices, you can create a traffic rule that will block traffic coming from a specific source subnet. Can you try to configure as shown below?



Let me know if this helps.

Regards,
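
The source-subnet traffic rule suggested in the reply above, written out as an added example in OpenWrt-style UCI firewall syntax; it is not taken from the thread or from Teltonika. It assumes the zone names `wan` and `lan` from the question, and `192.0.2.0/24` is a placeholder for the office LAN subnet, which the thread does not give.

```uci
# /etc/config/firewall fragment (added example, OpenWrt-style UCI)
# 192.0.2.0/24 is a PLACEHOLDER: replace it with the office LAN subnet.

# Drop new connections from the office LAN to the router itself
# (WebUI, SSH and any other service listening on the wired WAN side).
config rule
	option name 'Block-office-to-router'
	option src 'wan'
	option src_ip '192.0.2.0/24'
	option proto 'all'
	option target 'DROP'
	option enabled '1'

# Drop new connections from the office LAN that would be forwarded
# to devices on the RUT955 LAN, including via port forwards.
config rule
	option name 'Block-office-to-lan'
	option src 'wan'
	option dest 'lan'
	option src_ip '192.0.2.0/24'
	option proto 'all'
	option target 'DROP'
	option enabled '1'
```

Because both rules match on source address rather than on zone, traffic arriving over the mobile interfaces from the private VPN range does not match and is handled by the existing rules. Place the rules above any accept rules for the same traffic, and check that the mobile-side source addresses do not overlap the blocked subnet.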