Simple zone SDN

UtilisateurCXS · 2025-12-11T09:43:16+0100

I need help because I can't isolate two VMs on two different VNets, in two different zones, each with their own subnet, and it still manages to ping. I've also enabled the data center firewall on the node and on the VNets. Here are some screenshots of my configuration:

Firewall datacenter with non rule :

Node firewall :

Zone :

shanreich · 2025-12-11T09:45:25+0100

The traffic between those two zones gets routed by the host, so you'd need to create the forward rules on the host (where the routing happens), not inside the VNet firewall. Also, in order to use the forward rules you'd need to activate the nftables firewal (which is still in tech preview state!).

UtilisateurCXS · 2025-12-11T10:26:38+0100

So what exactly is the purpose of the vnet firewall?

UtilisateurCXS · 2025-12-11T10:27:10+0100

shanreich said:
The traffic between those two zones gets routed by the host, so you'd need to create the forward rules on the host (where the routing happens), not inside the VNet firewall. Also, in order to use the forward rules you'd need to activate the nftables firewal (which is still in tech preview state!).

Thanks you

shanreich · 2025-12-11T10:28:42+0100

UtilisateurCXS said:
So what exactly is the purpose of the vnet firewall?

it is for filtering traffic inside the vnet itself - you can check the documentation for more information [1]

[1] https://pve.proxmox.com/pve-docs/pve-admin-guide.html#_directions_amp_zones

UtilisateurCXS · 2025-12-11T10:36:52+0100

Thanks you.

Search

Search

Simple zone SDN

UtilisateurCXS

New Member

shanreich

Proxmox Staff Member

UtilisateurCXS

New Member

UtilisateurCXS

New Member

shanreich

Proxmox Staff Member

UtilisateurCXS

New Member

We value your privacy