Solved

Routing networks through vlan to allow content filter

Posted on 2007-03-21
Last Modified: 2008-05-15
I have a few questions regarding something I would like to set up/change. I would like to block web access from all our IP-VPN connections. Currently we are provided a private IP-VPN solution through Bell. They have a Cisco router here that attaches to our LAN. I have a Sonicwall router/firewall device as our gateway and edge device. I would like to use the content filtering feature of the Sonicwall, but in order to do this I must turn on the content filter on the LAN zone to block the websites and such. This causes a problem because I do not want to restrict our local LAN with this service. The Sonicwalls have other interfaces that I can plug the Bell service into, but I don't have access to change the LAN IP of their router, so I need a way to route traffic to it. I assume I can create a VLAN or two on our Cisco 3560 to enable what I need. I have attached a quick sketch of our current setup; I'm just not sure of the best route.

The problem that I face is that in order to hook up the IP-VPN network to the new Sonicwall interface it must be a different subnet. So I would assume I need to find a way to route between the two. Do I use VLANs? Is there a better way?

INTERNET
     |
     |
Sonicwall
     |
     |
Cisco 3560 ----------------- Bell router (Lan IP 192.168.1.70)-------------------WAN connected to 10.0.0.0
     |
     |
   LAN

Local subnet is 192.168.1.0/24

Do I create a VLAN on the Cisco 3560? Do I hook up the Bell network directly to the interface on the Sonicwall?

Thanks in advance
Question by: lgropper

Accepted Solution by: lrmoore (earned 500 total points)
Several issues here. Since all local LAN IPs are 192.168.1.x, I assume that you don't want to change those. And you can't change the LAN IP of the Bell router. Can you call Bell and ask them to change it? After all, you are paying them for it. That would be the simple solution, and then you can plug it right into one of the Sonicwall ports.

VLANs are not the answer because the VLANs should be different IP subnets, too, and the Sonicwall must be able to support VLAN subinterfaces.

Since you really only want to filter the 10.0.0.0 subnet traffic, can't you set up the Sonicwall to only filter by source IP address? Or is it all or nothing attached to the physical interface? It would be a piece of cake with a Cisco firewall, but unfortunately I don't know SonicOS.
Author Comment by: lgropper
I am in the middle of speaking with Bell to have the interface IPs changed; I just didn't want them to touch anything working because they cause major problems all the time. My thoughts were the same...

I was thinking VLANs because I could create another subnet and route between them, but it's more of a patch than an answer.

The Sonicwall's content filtering only works per zone + physical interface. If the traffic is passing through our LAN interface along with our local subnet, when I turn on the filter it blocks both. Just not that intelligent.

I spoke with Sonicwall and there doesn't seem to be a way to filter by IP for the content filtering service... Firewall and other such things are not a problem.

This should be such an easy task.... geez.
Expert Comment by: lrmoore
It is an easy task with Cisco products <grin>
<8-}