Network zones in rules don't work


I want to limit all my connections inside one zone. Allow connections only to the zone IPs and deny all others. I have a dynamic IP from the range of this zone.

So I create zone “Local” with two IP ranges “R1” and “R2”. Then I create a global rule “Block TCP or UDP From in [Local] to not in [Local] where source port is any and destination port is any”

But when I try to connect from the IP from “Local” (IP1) to the IP outside “Local” (IP2) it is not blocked. Please tell me why.

The whole system works correctly. When I create the global rule “Block TCP or UDP From [IP1] to [IP2] where source port is any and destination port is any” all works fine, the connection is blocked.

P. S.: I also speak Russian

Please export the non-working firewall configuration with the CFP configuration report and attach its text file in your first post.

Check after a reboot if your custom Local zone was saved by CFP.


I’ve got a friend whose English is even worse than mine :’(, hence I post here for him because it seems that his problem is similar to cardina1’s.
He has provided a service through the Internet but for the private use of an organisation. He would like to use CFP to limit incoming requests to the IP address of that service to a list of known MAC addresses.
He has defined a Network zone for that purpose, where the MAC addresses have been entered.
Then in the Global Rules dialog, he has added a rule to allow only the aforementioned network zone to access the service. As a result, traffic is blocked for everybody, including the registered MAC addresses. If he replaces the Network zone in the rule with an IP address and tests using that IP address, it works.
As a conclusion, using a Network zone in a global rule does not seem to work correctly.


(BTW, this is the first time I post here but this forum rocks! (R))

Aren’t MAC-address-based rules limited to one subnet (LAN)? So if you provide a service over the Internet, then it simply won’t work. If that is the case, then you could use a VPN, and if you do that, then it really doesn’t matter whether you make the safe zone using MACs or IPs.
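
The point raised in the last reply, as an added example that is not part of any post in this thread and is not CFP's code: a simplified model of why a MAC-based zone matches on the LAN but not across routers, while an IP-based zone still matches. All addresses, names and the zone-matching logic are constructed assumptions, and NAT is left out of the model.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Frame:
    src_mac: str  # layer 2: only meaningful on the current link
    src_ip: str   # layer 3: preserved end to end (no NAT in this model)
    dst_ip: str

def deliver(frame, router_macs):
    """Each router re-sends the IP packet in a new Ethernet frame whose
    source MAC is the router's own interface, so the original MAC is lost."""
    for mac in router_macs:
        frame = replace(frame, src_mac=mac)
    return frame

def in_zone(frame, zone):
    """Hypothetical zone: entries are MAC strings or IP networks."""
    for entry in zone:
        if isinstance(entry, str):
            if entry.lower() == frame.src_mac.lower():
                return True
        elif ip_address(frame.src_ip) in entry:
            return True
    return False

def allow_only_zone(frame, zone):
    """Global rule 'allow only sources in the zone', everything else blocked."""
    return "allow" if in_zone(frame, zone) else "block"

# Constructed sample values (locally administered MACs, documentation IP ranges).
CLIENT_MAC = "02:00:00:aa:bb:01"
ISP_ROUTER = "02:00:00:ff:00:01"
GATEWAY = "02:00:00:ff:00:02"
MAC_ZONE = [CLIENT_MAC]
IP_ZONE = [ip_network("198.51.100.0/24")]
SENT = Frame(CLIENT_MAC, "198.51.100.7", "203.0.113.10")

def verdicts():
    lan = deliver(SENT, [])                     # same subnet, no router
    wan = deliver(SENT, [ISP_ROUTER, GATEWAY])  # two routed hops
    return {"lan_mac": allow_only_zone(lan, MAC_ZONE),
            "wan_mac": allow_only_zone(wan, MAC_ZONE),
            "wan_ip": allow_only_zone(wan, IP_ZONE)}

if __name__ == "__main__":
    print(verdicts())
```

In this model the registered client is blocked over the routed path because the service host only ever sees the gateway's MAC, which matches the symptom described for the MAC-based zone.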