Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

SonicWALL VLAN traffic segretation

Posted on 2011-09-27
3
846 Views
Last Modified: 2012-05-12
I have a SonicWALL NSA 2400.  WAN X1 is connected to the upstream provider, LAN X0 has two VLANs.  The VLANs are 2 and 3.  Devices on both VLANs can access the Internet.

However, devices on VLAN 2 can access devices on VLAN 3, and vice-versa.  I want to segregate the traffic so that devices on each VLAN can get to the Internet, but not pass traffic back and forth intra-VLAN.  How can this be achieved?
0
Comment
Question by:e2346437
  • 2
3 Comments
 
LVL 32

Expert Comment

by:aleghart
ID: 36713311
Firewall -- Access Rules -- LAN>LAN -- Add...

Action: Deny
Service: Any
Source: VLAN2
Destination VLAN3

But, this will only work if the SonicWall is the only router on the LAN, and the VLANs are coming in on separate interfaces.

If you're running VLANs already, before the traffic hits the SonicWall (you're using the same X0 interface, that means you have a routing switch for your LAN already?

In that case, you'd have to disallow inter-VLAN traffic on your core switch, not the internet gateway.

I can't test that, as my core router/switch is handling VLAN, not the SonicWall.
0
 

Accepted Solution

by:
e2346437 earned 0 total points
ID: 36923531
I found the answer to the problem.  Need to create a new zone, type public.  Make sure allow interface trust is checked, so that firewall rules are built automatically.  Place the interface into that zone and it won't be able to talk to the other interfaces but it will be allowed out to the Internet.
0
 

Author Closing Comment

by:e2346437
ID: 36947332
Found the answer.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ISP 1000 - Netscreen 2 64
Choosing a firewall for our broadband cable connection 2 70
Pfsense - and other email Servers 8 47
Need a "SonicWall" Replacement 12 37
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question