[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 865
  • Last Modified:

SonicWALL VLAN traffic segretation

I have a SonicWALL NSA 2400.  WAN X1 is connected to the upstream provider, LAN X0 has two VLANs.  The VLANs are 2 and 3.  Devices on both VLANs can access the Internet.

However, devices on VLAN 2 can access devices on VLAN 3, and vice-versa.  I want to segregate the traffic so that devices on each VLAN can get to the Internet, but not pass traffic back and forth intra-VLAN.  How can this be achieved?
0
e2346437
Asked:
e2346437
  • 2
1 Solution
 
aleghartCommented:
Firewall -- Access Rules -- LAN>LAN -- Add...

Action: Deny
Service: Any
Source: VLAN2
Destination VLAN3

But, this will only work if the SonicWall is the only router on the LAN, and the VLANs are coming in on separate interfaces.

If you're running VLANs already, before the traffic hits the SonicWall (you're using the same X0 interface, that means you have a routing switch for your LAN already?

In that case, you'd have to disallow inter-VLAN traffic on your core switch, not the internet gateway.

I can't test that, as my core router/switch is handling VLAN, not the SonicWall.
0
 
e2346437Author Commented:
I found the answer to the problem.  Need to create a new zone, type public.  Make sure allow interface trust is checked, so that firewall rules are built automatically.  Place the interface into that zone and it won't be able to talk to the other interfaces but it will be allowed out to the Internet.
0
 
e2346437Author Commented:
Found the answer.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now