Solved

SonicWALL VLAN traffic segregation

Posted on 2011-09-27
Last Modified: 2012-05-12
I have a SonicWALL NSA 2400.  WAN X1 is connected to the upstream provider, LAN X0 has two VLANs.  The VLANs are 2 and 3.  Devices on both VLANs can access the Internet.

However, devices on VLAN 2 can access devices on VLAN 3, and vice-versa.  I want to segregate the traffic so that devices on each VLAN can get to the Internet, but not pass traffic back and forth intra-VLAN.  How can this be achieved?
Question by:e2346437

Expert Comment

by:aleghart
ID: 36713311
Firewall -- Access Rules -- LAN>LAN -- Add...

Action: Deny
Service: Any
Source: VLAN2
Destination: VLAN3

But, this will only work if the SonicWall is the only router on the LAN, and the VLANs are coming in on separate interfaces.

If you're running VLANs already, before the traffic hits the SonicWall (you're using the same X0 interface), that means you have a routing switch for your LAN already?

In that case, you'd have to disallow inter-VLAN traffic on your core switch, not the internet gateway.

I can't test that, as my core router/switch is handling VLAN, not the SonicWall.

Accepted Solution

by:e2346437
ID: 36923531
I found the answer to the problem.  Need to create a new zone, type public.  Make sure allow interface trust is checked, so that firewall rules are built automatically.  Place the interface into that zone and it won't be able to talk to the other interfaces but it will be allowed out to the Internet.

Author Closing Comment

by:e2346437
ID: 36947332
Found the answer.
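
One way to confirm the outcome the thread is after (Internet reachable, the other VLAN not) is a small connection audit run from a host on VLAN 2. This is an added example, not part of the original thread; the probe names, addresses and ports are constructed placeholders.

```python
import socket
from dataclasses import dataclass

@dataclass(frozen=True)
class Probe:
    name: str
    host: str
    port: int
    must_connect: bool  # True = Internet path, False = host on the other VLAN

# Constructed sample targets: replace with real hosts before running.
PROBES = [
    Probe("internet-https", "192.0.2.10", 443, True),
    Probe("vlan3-fileserver-smb", "192.168.3.10", 445, False),
    Probe("vlan3-printer-web", "192.168.3.20", 80, False),
]

def tcp_connect(host, port, timeout=2.0):
    """Classify one TCP connection attempt as 'open', 'refused' or 'blocked'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # reset came back: from the target or a rejecting device
    except OSError:
        return "blocked"   # timeout or unreachable: packet was dropped en route

def audit(probes, connect=tcp_connect):
    """Return (name, result, verdict) for each probe against the intended policy."""
    findings = []
    for p in probes:
        result = connect(p.host, p.port)
        if p.must_connect:
            verdict = "ok" if result == "open" else "FAIL: Internet path broken"
        elif result == "open":
            verdict = "FAIL: VLAN 3 reachable from VLAN 2"
        elif result == "refused":
            verdict = "REVIEW: reset received, check firewall log"
        else:
            verdict = "ok"
        findings.append((p.name, result, verdict))
    return findings

if __name__ == "__main__":
    for name, result, verdict in audit(PROBES):
        print(f"{name:24} {result:8} {verdict}")
```

Repeat the run from a host on VLAN 3 with VLAN 2 targets, since the question asks for isolation in both directions.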