@e.khudiyev Setting a static IP does not allow me to ping the router
DHCP log:
cat /var/log/messages | grep DHCP
Aug 27 10:03:13 router dhcpd: DHCPREQUEST for 192.168.10.39 from 3c:06:30:24:ee:64 via eth1
Aug 27 10:03:13 router dhcpd: DHCPACK on 192.168.10.39 to 3c:06:30:24:ee:64 via eth1
Aug 27 10:03:19 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:20 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:24 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:24 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:32 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:32 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:48 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:48 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:04:17 router dhcpd: DHCPREQUEST for 192.168.10.39 from 3c:06:30:24:ee:64 via eth1
Aug 27 10:04:17 router dhcpd: DHCPACK on 192.168.10.39 to 3c:06:30:24:ee:64 via eth1
Aug 27 10:04:20 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:04:20 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:04:24 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:04:24 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:04:25 router dhcpd: DHCPREQUEST for 192.168.10.45 from ae:35:f1:f2:bb:8d via eth1
Aug 27 10:04:25 router dhcpd: DHCPACK on 192.168.10.45 to ae:35:f1:f2:bb:8d (Pixel-4a) via eth1
Aug 27 10:04:32 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:04:32 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Interface log:
vyos@router:~$ monitor traffic interface eth1.40
listening on eth1.40, link-type EN10MB (Ethernet), capture size 262144 bytes
10:03:16.722763 IP6 fe80::9ca3:4b21:4ceb:b48a.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
10:03:17.113165 ARP, Request who-has 169.254.180.138 tell 169.254.180.138, length 46
10:03:17.115137 IP6 fe80::9ca3:4b21:4ceb:b48a > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
10:03:17.115163 IP 169.254.180.138 > igmp.mcast.net: igmp v3 report, 1 group record(s)
10:03:17.115183 IP6 fe80::9ca3:4b21:4ceb:b48a > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
10:03:17.115188 IP 169.254.180.138 > igmp.mcast.net: igmp v3 report, 1 group record(s)
10:03:17.117216 IP6 fe80::9ca3:4b21:4ceb:b48a > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
10:03:17.117242 IP 169.254.180.138 > igmp.mcast.net: igmp v3 report, 1 group record(s)
10:03:17.193260 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:17.613390 IP 169.254.180.138 > igmp.mcast.net: igmp v3 report, 2 group record(s)
10:03:17.613432 IP6 fe80::9ca3:4b21:4ceb:b48a > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
10:03:17.941485 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:17.941545 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:17.941554 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:18.113244 IP6 fe80::9ca3:4b21:4ceb:b48a > ip6-allrouters: ICMP6, router solicitation, length 16
10:03:18.691628 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:18.691667 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:18.691676 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:19.394751 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 137
10:03:19.441588 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:19.441630 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:19.441639 IP 169.254.180.138.netbios-ns > 169.254.255.255.netbios-ns: UDP, length 68
10:03:19.559643 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 1c:1b:0d:9a:dd:be (oui Unknown), length 300
10:03:20.722827 IP6 fe80::9ca3:4b21:4ceb:b48a.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
10:03:21.457493 IP6 fe80::9ca3:4b21:4ceb:b48a.58535 > ff02::c.1900: UDP, length 121
10:03:21.457532 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 127
10:03:21.488717 IP6 fe80::9ca3:4b21:4ceb:b48a.58535 > ff02::c.1900: UDP, length 119
10:03:21.488756 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 125
10:03:21.519995 IP6 fe80::9ca3:4b21:4ceb:b48a.58535 > ff02::c.1900: UDP, length 121
10:03:21.520032 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 127
10:03:21.551082 IP6 fe80::9ca3:4b21:4ceb:b48a.58535 > ff02::c.1900: UDP, length 119
10:03:21.551119 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 125
10:03:21.582526 IP6 fe80::9ca3:4b21:4ceb:b48a.58535 > ff02::c.1900: UDP, length 119
10:03:21.582565 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 125
10:03:21.613786 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 137
10:03:22.113663 IP6 fe80::9ca3:4b21:4ceb:b48a > ip6-allrouters: ICMP6, router solicitation, length 16
10:03:22.396510 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 137
10:03:24.239937 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 1c:1b:0d:9a:dd:be (oui Unknown), length 300
10:03:24.613924 IP6 fe80::9ca3:4b21:4ceb:b48a.58535 > ff02::c.1900: UDP, length 121
10:03:24.613959 IP 169.254.180.138.58537 > 239.255.255.250.1900: UDP, length 127
10:03:24.645280 IP6 fe80::9ca3:4b21:4ceb:b48a.58535 > ff02::c.1900: UDP, length 119
My config:
set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall group address-group HOME-ASSISTANT-IP address 'xxx.xxx.10.4'
set firewall group address-group HOME-ASSISTANT-IP description 'IP address for Home Assistant Server'
set firewall group port-group PORT-DHCP port '67'
set firewall group port-group PORT-DHCP port '68'
set firewall group port-group PORT-DNS port '53'
set firewall group port-group PORT-MQTT port '1883'
set firewall group port-group PORT-MQTT port '1884'
set firewall group port-group PORT-MQTT port '8883'
set firewall group port-group PORT-MQTT port '8884'
set firewall group port-group PORT-NTP port '123'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name GUEST-LOCAL default-action 'drop'
set firewall name GUEST-LOCAL enable-default-log
set firewall name GUEST-LOCAL rule 10 action 'accept'
set firewall name GUEST-LOCAL rule 10 state established 'enable'
set firewall name GUEST-LOCAL rule 10 state related 'enable'
set firewall name GUEST-LOCAL rule 11 action 'drop'
set firewall name GUEST-LOCAL rule 11 log 'enable'
set firewall name GUEST-LOCAL rule 11 state invalid 'enable'
set firewall name GUEST-LOCAL rule 100 action 'accept'
set firewall name GUEST-LOCAL rule 100 log 'enable'
set firewall name GUEST-LOCAL rule 100 protocol 'icmp'
set firewall name GUEST-LOCAL rule 400 action 'accept'
set firewall name GUEST-LOCAL rule 400 destination group port-group 'PORT-NTP'
set firewall name GUEST-LOCAL rule 400 log 'enable'
set firewall name GUEST-LOCAL rule 600 action 'accept'
set firewall name GUEST-LOCAL rule 600 destination group port-group 'PORT-DNS'
set firewall name GUEST-LOCAL rule 600 log 'enable'
set firewall name GUEST-LOCAL rule 700 action 'accept'
set firewall name GUEST-LOCAL rule 700 destination group port-group 'PORT-DHCP'
set firewall name GUEST-LOCAL rule 700 log 'enable'
set firewall name GUEST-WAN default-action 'accept'
set firewall name IOT-LAN default-action 'drop'
set firewall name IOT-LAN enable-default-log
set firewall name IOT-LAN rule 10 action 'accept'
set firewall name IOT-LAN rule 10 state established 'enable'
set firewall name IOT-LAN rule 10 state related 'enable'
set firewall name IOT-LAN rule 11 action 'drop'
set firewall name IOT-LAN rule 11 log 'enable'
set firewall name IOT-LAN rule 11 state invalid 'enable'
set firewall name IOT-LAN rule 100 action 'accept'
set firewall name IOT-LAN rule 100 description 'Allow IoT access to Home Assistant'
set firewall name IOT-LAN rule 100 destination group address-group 'HOME-ASSISTANT-IP'
set firewall name IOT-LAN rule 100 destination group port-group 'PORT-MQTT-TCP'
set firewall name IOT-LAN rule 100 protocol 'tcp'
set firewall name LAN--ALLOW default-action 'accept'
set firewall name LOCAL-WAN default-action 'accept'
set firewall name LOCAL--DHCP default-action 'drop'
set firewall name LOCAL--DHCP enable-default-log
set firewall name LOCAL--DHCP rule 10 action 'accept'
set firewall name LOCAL--DHCP rule 10 state established 'enable'
set firewall name LOCAL--DHCP rule 10 state related 'enable'
set firewall name LOCAL--DHCP rule 11 action 'drop'
set firewall name LOCAL--DHCP rule 11 log 'enable'
set firewall name LOCAL--DHCP rule 11 state invalid 'enable'
set firewall name LOCAL--DHCP rule 100 action 'accept'
set firewall name LOCAL--DHCP rule 100 log 'enable'
set firewall name LOCAL--DHCP rule 100 protocol 'icmp'
set firewall name LOCAL--DHCP rule 700 action 'accept'
set firewall name LOCAL--DHCP rule 700 destination group port-group 'PORT-DHCP'
set firewall name TO-LOCAL--INTERNAL default-action 'drop'
set firewall name TO-LOCAL--INTERNAL enable-default-log
set firewall name TO-LOCAL--INTERNAL rule 10 action 'accept'
set firewall name TO-LOCAL--INTERNAL rule 10 state established 'enable'
set firewall name TO-LOCAL--INTERNAL rule 10 state related 'enable'
set firewall name TO-LOCAL--INTERNAL rule 11 action 'drop'
set firewall name TO-LOCAL--INTERNAL rule 11 log 'enable'
set firewall name TO-LOCAL--INTERNAL rule 11 state invalid 'enable'
set firewall name TO-LOCAL--INTERNAL rule 100 action 'accept'
set firewall name TO-LOCAL--INTERNAL rule 100 log 'enable'
set firewall name TO-LOCAL--INTERNAL rule 100 protocol 'icmp'
set firewall name TO-LOCAL--INTERNAL rule 400 action 'accept'
set firewall name TO-LOCAL--INTERNAL rule 400 destination group port-group 'PORT-NTP'
set firewall name TO-LOCAL--INTERNAL rule 400 log 'enable'
set firewall name TO-LOCAL--INTERNAL rule 700 action 'accept'
set firewall name TO-LOCAL--INTERNAL rule 700 destination group port-group 'PORT-DHCP'
set firewall name TO-LOCAL--INTERNAL rule 700 log 'enable'
set firewall name WAN-GUEST default-action 'drop'
set firewall name WAN-GUEST enable-default-log
set firewall name WAN-GUEST rule 10 action 'accept'
set firewall name WAN-GUEST rule 10 state established 'enable'
set firewall name WAN-GUEST rule 10 state related 'enable'
set firewall name WAN-GUEST rule 11 action 'drop'
set firewall name WAN-GUEST rule 11 log 'enable'
set firewall name WAN-GUEST rule 11 state invalid 'enable'
set firewall name WAN-LAN default-action 'drop'
set firewall name WAN-LAN enable-default-log
set firewall name WAN-LAN rule 10 action 'accept'
set firewall name WAN-LAN rule 10 state established 'enable'
set firewall name WAN-LAN rule 10 state related 'enable'
set firewall name WAN-LAN rule 11 action 'drop'
set firewall name WAN-LAN rule 11 log 'enable'
set firewall name WAN-LAN rule 11 state invalid 'enable'
set firewall name WAN-LOCAL default-action 'drop'
set firewall name WAN-LOCAL enable-default-log
set firewall name WAN-LOCAL rule 10 action 'accept'
set firewall name WAN-LOCAL rule 10 state established 'enable'
set firewall name WAN-LOCAL rule 10 state related 'enable'
set firewall name WAN-LOCAL rule 11 action 'drop'
set firewall name WAN-LOCAL rule 11 log 'enable'
set firewall name WAN-LOCAL rule 11 state invalid 'enable'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 hw-id 'XX:XX:XX:XX:XX:98'
set interfaces ethernet eth0 smp-affinity 'auto'
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth0 vif 10 address 'dhcp'
set interfaces ethernet eth0 vif 10 description 'WAN'
set interfaces ethernet eth1 address 'xxx.xxx.10.1/24'
set interfaces ethernet eth1 description 'LAN'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id 'XX:XX:XX:XX:XX:99'
set interfaces ethernet eth1 smp-affinity 'auto'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth1 vif 20 address 'xxx.xxx.20.1/24'
set interfaces ethernet eth1 vif 20 description 'CAMERA'
set interfaces ethernet eth1 vif 30 address 'xxx.xxx.30.1/24'
set interfaces ethernet eth1 vif 30 description 'IOT'
set interfaces ethernet eth1 vif 40 address 'xxx.xxx.40.1/24'
set interfaces ethernet eth1 vif 40 description 'GUEST'
set interfaces loopback lo
set nat source rule 100 outbound-interface 'eth0.10'
set nat source rule 100 source address 'xxx.xxx.10.0/24'
set nat source rule 100 translation address 'masquerade'
set nat source rule 400 outbound-interface 'eth0.10'
set nat source rule 400 source address 'xxx.xxx.40.0/24'
set nat source rule 400 translation address 'masquerade'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 default-router 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 dns-server 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 ntp-server 'xxx.xxx.20.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 start 'xxx.xxx.20.50'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.20.0/24 range 0 stop 'xxx.xxx.20.250'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 default-router 'xxx.xxx.40.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 dns-server 'xxx.xxx.40.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 ntp-server 'xxx.xxx.40.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 range 0 start 'xxx.xxx.40.50'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.40.0/24 range 0 stop 'xxx.xxx.40.200'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 default-router 'xxx.xxx.30.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 dns-server 'xxx.xxx.30.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 ntp-server 'xxx.xxx.30.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 range 0 start 'xxx.xxx.30.20'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.30.0/24 range 0 stop 'xxx.xxx.30.250'
set service dhcp-server shared-network-name xxxxxx authoritative
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 default-router 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 dns-server 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 domain-name xxxxxx
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 ntp-server 'xxx.xxx.10.1'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 start 'xxx.xxx.10.30'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 range 0 stop 'xxx.xxx.10.250'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.20'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:9f'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.4'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:15'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.15'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:f0'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.2'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:40'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx ip-address 'xxx.xxx.10.11'
set service dhcp-server shared-network-name xxxxxx subnet xxx.xxx.10.0/24 static-mapping xxxxxx mac-address 'XX:XX:XX:XX:XX:43'
set service dns forwarding allow-from 'xxx.xxx.0.0/0'
set service dns forwarding cache-size '0'
set service dns forwarding listen-address 'xxx.xxx.10.1'
set service dns forwarding listen-address 'xxx.xxx.40.1'
set service dns forwarding system
set service ssh listen-address 'xxx.xxx.10.1'
set service ssh port '22'
set system config-management commit-revisions '100'
set system conntrack expect-table-size '2048'
set system conntrack hash-size '32768'
set system conntrack table-size '262144'
set system console device ttyS0 speed '9600'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system login user xxxxxx level 'admin'
set system name-server 'xxx.xxx.1.1'
set system name-server 'xxx.xxx.0.1'
set system ntp listen-address 'xxx.xxx.10.1'
set system ntp listen-address 'xxx.xxx.20.1'
set system ntp listen-address 'xxx.xxx.30.1'
set system ntp listen-address 'xxx.xxx.40.1'
set system ntp server xxxxx.tld prefer
set system syslog global facility all level 'info'
set system syslog global facility protocols level 'debug'
set system time-zone 'UTC'
set zone-policy zone CAMERA default-action 'drop'
set zone-policy zone CAMERA from LAN firewall name 'LAN--ALLOW'
set zone-policy zone CAMERA from LOCAL firewall name 'LOCAL--DHCP'
set zone-policy zone CAMERA interface 'eth1.20'
set zone-policy zone GUEST default-action 'drop'
set zone-policy zone GUEST from LAN firewall name 'LAN--ALLOW'
set zone-policy zone GUEST from LOCAL firewall name 'LOCAL--DHCP'
set zone-policy zone GUEST from WAN firewall name 'WAN-GUEST'
set zone-policy zone GUEST interface 'eth1.40'
set zone-policy zone IOT default-action 'drop'
set zone-policy zone IOT from LAN firewall name 'LAN--ALLOW'
set zone-policy zone IOT from LOCAL firewall name 'LOCAL--DHCP'
set zone-policy zone IOT interface 'eth1.30'
set zone-policy zone LAN default-action 'drop'
set zone-policy zone LAN from IOT firewall name 'IOT-LAN'
set zone-policy zone LAN from LOCAL firewall name 'LOCAL--DHCP'
set zone-policy zone LAN from WAN firewall name 'WAN-LAN'
set zone-policy zone LAN interface 'eth1'
set zone-policy zone LOCAL default-action 'drop'
set zone-policy zone LOCAL from CAMERA firewall name 'TO-LOCAL--INTERNAL'
set zone-policy zone LOCAL from GUEST firewall name 'GUEST-LOCAL'
set zone-policy zone LOCAL from IOT firewall name 'TO-LOCAL--INTERNAL'
set zone-policy zone LOCAL from LAN firewall name 'LAN--ALLOW'
set zone-policy zone LOCAL from WAN firewall name 'WAN-LOCAL'
set zone-policy zone LOCAL local-zone
set zone-policy zone WAN default-action 'drop'
set zone-policy zone WAN from GUEST firewall name 'GUEST-WAN'
set zone-policy zone WAN from LAN firewall name 'LAN--ALLOW'
set zone-policy zone WAN from LOCAL firewall name 'LOCAL-WAN'
set zone-policy zone WAN interface 'eth0.10'
My switch profiles, ‘Jeevington’ is on a port set to network ‘Guest’:
| Name | Purpose | Network Port | Subnet | IPV6 subnet | VLAN |
|---|---|---|---|---|---|
| Camera | Corporate | LAN | 192.168.20.0/24 | None | 20 |
| Guest | Corporate | LAN | 192.168.40.0/24 | None | 40 |
| IoT | Corporate | LAN | 192.168.30.0/24 | None | 30 |
| LAN | Corporate | LAN | 192.168.1.0/24 | None | |
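
An added example, not part of the original post: a small Python check over dhcpd syslog lines in the format shown above. It flags clients that keep sending DHCPDISCOVER and receiving DHCPOFFER without ever reaching DHCPACK, and lists offers that fall outside the subnet expected for that client. The sample lines are a subset copied from the post; the `EXPECTED_SUBNETS` mapping (Guest = 192.168.40.0/24 for 'Jeevington') is an assumption drawn from the switch profile table.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: a subset of the dhcpd lines quoted in the post above.
SAMPLE_LOG = """\
Aug 27 10:03:13 router dhcpd: DHCPREQUEST for 192.168.10.39 from 3c:06:30:24:ee:64 via eth1
Aug 27 10:03:13 router dhcpd: DHCPACK on 192.168.10.39 to 3c:06:30:24:ee:64 via eth1
Aug 27 10:03:19 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:20 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:24 router dhcpd: DHCPDISCOVER from 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:03:24 router dhcpd: DHCPOFFER on 192.168.10.51 to 1c:1b:0d:9a:dd:be (Jeevington) via eth1
Aug 27 10:04:25 router dhcpd: DHCPREQUEST for 192.168.10.45 from ae:35:f1:f2:bb:8d via eth1
Aug 27 10:04:25 router dhcpd: DHCPACK on 192.168.10.45 to ae:35:f1:f2:bb:8d (Pixel-4a) via eth1
"""

# Assumption: the subnet each client should land in, taken from the switch
# profile table ('Jeevington' is on a port set to network 'Guest').
EXPECTED_SUBNETS = {"1c:1b:0d:9a:dd:be": "192.168.40.0/24"}

LINE_RE = re.compile(
    r"dhcpd: DHCP(?P<type>DISCOVER|OFFER|REQUEST|ACK|NAK)"
    r"(?: (?:on|for) (?P<ip>\d+\.\d+\.\d+\.\d+)(?: \([\d.]+\))?)?"
    r" (?:from|to) (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


def analyze(log_text, expected_subnets=None):
    """Return {mac: finding} for clients whose handshake never reaches DHCPACK."""
    expected_subnets = expected_subnets or {}
    clients = defaultdict(lambda: {"host": None, "counts": defaultdict(int),
                                   "offers": set(), "ifaces": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a dhcpd message line we understand
        c = clients[m["mac"]]
        c["counts"][m["type"]] += 1
        c["host"] = m["host"] or c["host"]
        c["ifaces"].add(m["iface"])
        if m["type"] == "OFFER":
            c["offers"].add(m["ip"])

    findings = {}
    for mac, c in clients.items():
        n = c["counts"]
        # Repeated DISCOVERs that are answered but never followed by an ACK.
        if n["DISCOVER"] >= 2 and n["OFFER"] >= 1 and n["ACK"] == 0:
            net = expected_subnets.get(mac)
            outside = sorted(
                ip for ip in c["offers"]
                if net and ipaddress.ip_address(ip) not in ipaddress.ip_network(net)
            )
            findings[mac] = {
                "host": c["host"],
                "discovers": n["DISCOVER"],
                "offers": n["OFFER"],
                "ifaces": sorted(c["ifaces"]),
                "offered_outside_expected": outside,
            }
    return findings
```
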