Peer - Isolation
Goal: Prevent lateral communication between one peer and others while retaining jump connectivity.
Deprecated approach removed
The is_isolated peer flag has been removed. Use the Groups & Policies system instead (see below).
Steps (current approach — Policies)
- Create (or reuse) a Group containing only the peer you want to isolate.
- Create a Policy with rules that deny peer-to-peer traffic while allowing traffic to/from the jump peer.
- Attach the policy to the group.
- Agent-based peers update automatically; static peers must download a new config.
See Groups, Policies & Routes for full details.
Verification
- Ping from the isolated peer to another regular peer fails.
- Ping from the isolated peer to the jump peer succeeds.
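Both checks above, combined into one script to run on the isolated peer. This is an added example, not part of the project's own tooling. The function names, the PROBE variable and all addresses are assumptions made for illustration, and the default ping flags are those of Linux iputils.

```shell
#!/bin/sh
# Added example: run ON the isolated peer after the policy has been applied.
# All addresses are constructed placeholders; substitute your own.

# PROBE is the reachability command; override it for dry runs or other probes.
# Default: one ICMP echo with a 2 second timeout (Linux iputils ping flags).
PROBE="${PROBE:-ping -c 1 -W 2}"

reachable() {
    $PROBE "$1" >/dev/null 2>&1
}

# check_isolation JUMP_IP PEER_IP [PEER_IP...]
# Returns 0 = isolated as intended
#         1 = leak: at least one regular peer answered
#         2 = inconclusive: jump peer unreachable (tunnel down or policy too strict)
check_isolation() {
    jump="$1"; shift
    # Positive control first: if the jump peer is unreachable, failed pings to
    # the other peers say nothing about whether the policy is working.
    if ! reachable "$jump"; then
        echo "INCONCLUSIVE: jump peer $jump unreachable" >&2
        return 2
    fi
    leaks=0
    for peer in "$@"; do
        if reachable "$peer"; then
            echo "LEAK: regular peer $peer is reachable" >&2
            leaks=$((leaks + 1))
        fi
    done
    [ "$leaks" -eq 0 ] || return 1
    echo "OK: jump peer reachable, $# regular peer(s) blocked"
    return 0
}

# Example invocation (constructed addresses):
#   check_isolation 10.0.0.1 10.0.0.2 10.0.0.3
```

Ping exercises ICMP only; if the policy rules are protocol-specific, repeat the check with a probe for the protocols that matter.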
Use Cases
- Untrusted device.
- Staging environment host.
- Guest access.