Routing networks through vlan to allow content filter

Posted on 2007-03-21
Last Modified: 2008-05-15
I have a few questions regarding something I would like to set up/change. I would like to block web access from all our IP-VPN connections. Currently we are provided a private IP-VPN solution through Bell. They have a Cisco router here that attaches to our LAN. I have a SonicWall router/firewall device as our gateway and edge device. I would like to use the content filtering feature of the SonicWall, but in order to do this I must turn on the content filter on the LAN zone to block the websites and such. This causes a problem because I do not want to restrict our local LAN with this service. The SonicWalls have other interfaces that I can plug the Bell service into, but I don't have access to change the LAN IP of their router, so I need a way to route traffic to it. I assume I can create a VLAN or two on our Cisco 3560 to enable what I need. I have attached a quick sketch of our current setup; I'm just not sure of the best route.

The problem that I face is that in order to hook up the IP-VPN network to the new SonicWall interface, it must be a different subnet. So I would assume I need to find a way to route between the two. Do I use VLANs? Is there a better way?

Cisco 3560 ----------------- Bell router (Lan IP connected to

Local subnet is

Do I create a VLAN on the Cisco 3560? Do I hook up the Bell network directly to the interface on the SonicWall?

Thanks in advance
Question by: lgropper

Accepted Solution

lrmoore earned 2000 total points
ID: 18770560
Several issues here. Since all local LAN IPs are 192.168.1.x, I assume that you don't want to change those. And you can't change the LAN IP of the Bell router. Can you call Bell and ask them to change it? After all, you are paying them for it. That would be the simple solution and then you can plug it right into one of the SonicWall ports.

VLANs are not the answer because the VLANs should be different IP subnets, too, and the SonicWall must be able to support VLAN subinterfaces.

Since you really only want to filter the subnet traffic, can't you set up the SonicWall to only filter by source IP address? Or is it all or nothing attached to the physical interface? It would be a piece of cake with a Cisco firewall, but unfortunately I don't know SonicOS.

Author Comment

ID: 18771155
I am in the middle of speaking with Bell to have the interface IPs changed. I just didn't want them to touch anything working because they cause major problems all the time. My thoughts were the same...

I was thinking VLANs because I could create another subnet and route between them, but it's more of a patch than an answer.

The SonicWall's content filtering only works per zone + physical interface. If the traffic is passing through our LAN interface along with our local subnet, when I turn on the filter it blocks both; it's just not that intelligent.

I spoke with SonicWall and there doesn't seem to be a way to filter by IP for the content filtering service... Firewall and other such things are not a problem.

This should be such an easy task.... geez.

Expert Comment

ID: 18771182
It is an easy task with Cisco products <grin>
