Prevent all users from seeing a certain device

Hello,

I have a firewall which I do not want users to be able to or connect.

I’ve done the following:

Added a tag to the device:

"acls": [
	//allow admins to access pfsense
	{
		"action": "accept",
		"src":    ["someuser@org.com"],
		"dst":    ["tag:pfsense:*"],
	},
"hosts": {
	"pfsense": "x.x.x.x",
},

“tagOwners”: {
“tag:pfsense”: [“someuser@org.com”],
},

But all users still see the device in the Network Device section. Is there a way to prevent it from even being listed?

Thanks,
Akash

Users other than those allowed by the ACL should not be able to see the device. It seems likely that there is another ACL that grants the ability to access the device in some way (e.g. if it is a subnet router or exit node, then users with access to use those portions of the device will still see it).

After taking another look at the ACLs, if you can’t find why the device is being revealed to users, I recommend one of:

  • Share your complete ACL file
  • Share your tailnet name
  • Contact support@tailscale.com and someone can take a look

(post deleted by author)