Hi,
I've posted a similar question about the 2955 but concluded it couldn't be done. DrayTek Support and a couple of members on this forum have said the 2960 can do the scenario below, but I just cannot work out how to do it.
I want two networks to be able to talk to each other but restrict what ports are open between them, so I'll have:
LAN1 - Internal PCs and Servers
LAN2 - Public facing servers
Effectively a DMZ on LAN2 - I can't use the DMZ Host because that's a single IP, and I'll have multiple internet-facing servers on LAN2.
I can see how you allow LAN1 and LAN2 to have complete freedom to one another by setting up a VLAN with both LAN1 and 2 untagged and membered, but of course I don't want this; I only want certain IPs from one network to be able to talk to another via certain ports. So I then thought I'll go into the firewall section and set a simple block rule to deny ping tests across the networks, but despite that rule being enabled the ping carries on working.
Any thoughts or advice would be great - particularly step by step, as I'm obviously missing something here.