Solved

SonicWALL VLAN traffic segregation

Posted on 2011-09-27
Last Modified: 2012-05-12
I have a SonicWALL NSA 2400.  WAN X1 is connected to the upstream provider, LAN X0 has two VLANs.  The VLANs are 2 and 3.  Devices on both VLANs can access the Internet.

However, devices on VLAN 2 can access devices on VLAN 3, and vice-versa.  I want to segregate the traffic so that devices on each VLAN can get to the Internet, but not pass traffic back and forth intra-VLAN.  How can this be achieved?
Question by:e2346437
Expert Comment

by:aleghart
ID: 36713311
Firewall -- Access Rules -- LAN>LAN -- Add...

Action: Deny
Service: Any
Source: VLAN2
Destination: VLAN3

But, this will only work if the SonicWall is the only router on the LAN, and the VLANs are coming in on separate interfaces.

If you're running VLANs already, before the traffic hits the SonicWall (you're using the same X0 interface), that means you have a routing switch for your LAN already?

In that case, you'd have to disallow inter-VLAN traffic on your core switch, not the internet gateway.

I can't test that, as my core router/switch is handling VLAN, not the SonicWall.

Accepted Solution

by:e2346437
ID: 36923531
I found the answer to the problem.  Need to create a new zone, type public.  Make sure allow interface trust is checked, so that firewall rules are built automatically.  Place the interface into that zone and it won't be able to talk to the other interfaces but it will be allowed out to the Internet.

Author Closing Comment

by:e2346437
ID: 36947332
Found the answer.
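
One way to confirm the outcome asked for in the question (VLAN 3 unreachable, Internet reachable) from a host on VLAN 2 after the rule or zone change, as an added example that is not part of the original thread. The helper names `probe` and `audit` are hypothetical, and the addresses and ports are constructed placeholders to replace with your own.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt from this host.

    open    - handshake completed, so traffic crossed to the target
    refused - a reset came back, from the target or from a device that
              rejects instead of silently dropping; confirm with a capture
    blocked - timeout or no route, consistent with the firewall dropping it
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts, DNS failures and unreachable networks
        return "blocked"
    finally:
        sock.close()

def audit(peer_targets, internet_target, probe_fn=probe):
    """Return findings; an empty list means the segregation goal is met."""
    findings = []
    for host, port in peer_targets:
        state = probe_fn(host, port)
        if state == "open":
            findings.append(("LEAK", host, port))
        elif state == "refused":
            findings.append(("INCONCLUSIVE", host, port))
    host, port = internet_target
    if probe_fn(host, port) != "open":
        findings.append(("NO-INTERNET", host, port))
    return findings

if __name__ == "__main__":
    # Constructed placeholders: replace with real VLAN 3 hosts/ports and an
    # Internet service you are allowed to reach.
    vlan3 = [("192.168.3.10", 445), ("192.168.3.10", 3389), ("192.168.3.1", 443)]
    internet = ("example.com", 443)
    for finding in audit(vlan3, internet):
        print(*finding)
```

Run it from a host on each VLAN against the other, since the question asks for isolation in both directions.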


Question has a verified solution.
