Solved

Blocking IP range in Sonicwall.

Posted on 2014-04-04
Last Modified: 2014-04-07
So one interface on our SonicWall is our wired LAN. Another interface has a wireless router plugged into it. At first, this separated the two networks, and someone on wireless could not see anything on the wired subnet. This has changed. Now people on the wireless are able to ping the wired LAN IP addresses. I tried blacklisting that range in the wireless router to stop this, but it doesn't work. I figure what I need to do is add a rule in the SonicWall that prevents the wireless IP range from seeing the wired IP range per this article here:

http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

My question is: is this the right way to go about this, and is there any additional info that I need to know to help follow the steps in this article, i.e. options of WAN & LAN in the fields mentioned? Any help is much appreciated.
Question by:new_to_networks
11 Comments
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39978862
Hi new_to_networks,

So you want some of the IPs in the WLAN to talk to the LAN but other IPs in the WLAN you want to block? Is this correct?

If so what is your purpose for doing so?

Without knowing I'd suggest a separate VAP/VLAN/SSID for the user you don't want to connect to the LAN.
0
 
LVL 8

Expert Comment

by:Lee Ingalls
ID: 39978869
Are the addresses all DHCP assigned? Are all addresses on the same subnet?
I keep all my wired IPs static and wireless DHCP with a specific range of IPs defined as the scope.
0
 

Author Comment

by:new_to_networks
ID: 39978878
The people using the wifi, on the wireless IP range, should not be able to "see" our wired LAN IP range. They should have access to the internet and not anything internally. Right now they can ping IP addresses on the wired LAN; can't have that. I've attached a screenshot of the wireless interface on the SonicWall. The wireless router is plugged into this interface. Our wired LAN is plugged into a different interface. DHCP is assigned on the wifi by the wireless router and DHCP is assigned on the wired LAN by a Windows Server.
Wireless-Interface-on-Sonicwall.jpg
0

 
LVL 25

Expert Comment

by:Diverse IT
ID: 39979503
So how did you get them to communicate (allowed Access Rules or created an L2 Bridge) because by default the WLAN doesn't talk to the LAN?

Are they on different subnets LAN (192.168.x.x) and WLAN (172.16.x.x) or are they on the same?

It looks like you allowed access rather than created an L2 Bridge... so in that case simply modify the Access Rules from LAN2 > LAN Allow to Deny or Discard and vice versa (LAN > LAN2 Deny or Discard). That's it!
0
 

Author Comment

by:new_to_networks
ID: 39979507
Ok cool, I'll try it tomorrow when I'm back in the office.
0
 

Author Comment

by:new_to_networks
ID: 39979513
I didn't create any access rules for the WAN in the first place... maybe that's why all the trouble. Yes, they're on different subnets.
0
 
LVL 25

Accepted Solution

by:Diverse IT (earned 500 total points)
ID: 39979515
When you create a new interface, Access Rules are set up by default, but if they are located within the same Zone (LAN2) then they are set to Allow All. You just need to change them from Allow to Deny or Discard.
0
 

Author Comment

by:new_to_networks
ID: 39979532
Awesome thanks!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39979667
My pleasure! Glad I could help.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39983640
Have I answered all your questions?
0
 

Author Closing Comment

by:new_to_networks
ID: 39983660
Just had to make sure that I filled out the subfields as well, specifying that the LAN2 subnet cannot see the LAN subnet.
0
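
The change from the accepted solution and the closing comment, modelled as an added example (not part of the original thread and not SonicWall configuration syntax): a first-match rule table is checked for flows between the wireless and wired subnets before and after the LAN2 > LAN and LAN > LAN2 rules are switched to Deny. The subnets, rule lists, list-order priority and the implicit deny on no match are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    from_zone: str    # "LAN2 > LAN" in the thread is from_zone > to_zone
    to_zone: str
    source: str       # CIDR or "any"
    destination: str  # CIDR or "any"
    action: str       # "allow", "deny" or "discard"

def _covers(spec, addr):
    return spec == "any" or addr in ipaddress.ip_network(spec)

def decide(rules, from_zone, to_zone, src, dst):
    """Action of the first matching rule; no match means deny (model assumption)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:  # list order stands in for rule priority
        zones = (r.from_zone, r.to_zone) == (from_zone, to_zone)
        if zones and _covers(r.source, s) and _covers(r.destination, d):
            return r.action
    return "deny"

def leaks(rules, probes):
    """Return the probes (flows that must be blocked) that the table still allows."""
    return [p for p in probes if decide(rules, *p) == "allow"]

# Constructed addressing: wired LAN 192.168.1.0/24, wireless (LAN2) 172.16.1.0/24.
WIRED, WIRELESS = "192.168.1.0/24", "172.16.1.0/24"
# State described in the accepted answer: inter-interface rules left at Allow.
BEFORE = [
    Rule("LAN2", "LAN", "any", "any", "allow"),
    Rule("LAN", "LAN2", "any", "any", "allow"),
    Rule("LAN2", "WAN", "any", "any", "allow"),
]
# After the change: both directions denied, with the subnet fields filled in.
AFTER = [
    Rule("LAN2", "LAN", WIRELESS, WIRED, "deny"),
    Rule("LAN", "LAN2", WIRED, WIRELESS, "deny"),
    Rule("LAN2", "WAN", "any", "any", "allow"),
]
# Flows that must never be allowed: wireless -> wired and wired -> wireless.
PROBES = [
    ("LAN2", "LAN", "172.16.1.50", "192.168.1.10"),
    ("LAN", "LAN2", "192.168.1.10", "172.16.1.50"),
]

if __name__ == "__main__":
    print("before:", leaks(BEFORE, PROBES), "after:", leaks(AFTER, PROBES))
```

A Deny rule whose source field names the wrong subnet, placed above a leftover Allow, still shows up in `leaks`, which is the case the subfields in the closing comment guard against.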

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question