
Blocking IP range in Sonicwall.

Posted on 2014-04-04
Last Modified: 2014-04-07
So one interface on our SonicWall is our wired LAN. Another interface has a wireless router plugged into it. At first, this separated the two networks, and someone on wireless could not see anything on the wired subnet. This has changed. Now people on the wireless are able to ping the wired LAN IP addresses. I tried blacklisting that range in the wireless router to stop this, but it doesn't work. I figure what I need to do is add a rule in the SonicWall that prevents the wireless IP range from seeing the wired IP range, per this article here:

http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

My question is: is this the right way to go about this, and is there any additional info that I need to know to help follow the steps in this article, i.e. the options of WAN & LAN in the fields mentioned? Any help is much appreciated.
Question by:new_to_networks

Expert Comment

by:Blue Street Tech
ID: 39978862
Hi new_to_networks,

So you want some of the IPs in the WLAN to talk to the LAN but other IPs in the WLAN you want to block? Is this correct?

If so what is your purpose for doing so?

Without knowing I'd suggest a separate VAP/VLAN/SSID for the user you don't want to connect to the LAN.
0
 

Expert Comment

by:Lee Ingalls
ID: 39978869
Are the addresses all DHCP assigned? Are all addresses on the same subnet?
I keep all my wired IPs static and wireless DHCP, with a specific range of IPs defined as the scope.
0
 

Author Comment

by:new_to_networks
ID: 39978878
The people using the wifi, on the wireless IP range, should not be able to "see" our wired LAN IP range. They should have access to the internet and not anything internally. Right now they can ping IP addresses on the wired LAN; can't have that. I've attached a screenshot of the wireless interface on the SonicWall. The wireless router is plugged into this interface. Our wired LAN is plugged into a different interface. DHCP is assigned on the wifi by the wireless router and DHCP is assigned on the wired LAN by a Windows Server.
Wireless-Interface-on-Sonicwall.jpg
0

Expert Comment

by:Blue Street Tech
ID: 39979503
So how did you get them to communicate (allowed Access Rules or created an L2 Bridge) because by default the WLAN doesn't talk to the LAN?

Are they on different subnets LAN (192.168.x.x) and WLAN (172.16.x.x) or are they on the same?

It looks like you allowed access rather than created an L2 Bridge... so in that case simply modify the Access Rules from LAN2 > LAN Allow to Deny or Discard and vice versa (LAN > LAN2 Deny or Discard). That's it!
0
 

Author Comment

by:new_to_networks
ID: 39979507
Ok cool, I'll try it tomorrow when I'm back in the office.
0
 

Author Comment

by:new_to_networks
ID: 39979513
I didn't create any access rules for the WAN in the first place... maybe that's why all the trouble. Yes, they're on different subnets.
0
 

Accepted Solution

by:Blue Street Tech (earned 2000 total points)
ID: 39979515
When you create a new interface, Access Rules are set up by default, but if they are located within the same Zone (LAN2) then they are set to Allow All. You just need to change them from Allow to Deny or Discard.
0
 

Author Comment

by:new_to_networks
ID: 39979532
Awesome thanks!
0
 

Expert Comment

by:Blue Street Tech
ID: 39979667
My pleasure! Glad I could help.
0
 

Expert Comment

by:Blue Street Tech
ID: 39983640
Have I answered all your questions?
0
 

Author Closing Comment

by:new_to_networks
ID: 39983660
Just had to make sure that I filled out the subfields as well, specifying LAN2 subnet cannot see LAN subnet.
0
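
The fix discussed in this thread (changing LAN2 > LAN and LAN > LAN2 from Allow to Deny, with the subnet subfields filled in) can be checked against a simplified first-match rule model. This is an added example, not code from the posters or from SonicWall; the subnets, the rule tables, the default action and the `decide`/`leaks` helpers are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")
WLAN_NET = ipaddress.ip_network("172.16.1.0/24")   # constructed wireless subnet
LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # constructed wired subnet

@dataclass(frozen=True)
class Rule:
    priority: int      # lower number is evaluated first (model assumption)
    from_zone: str
    to_zone: str
    source: ipaddress.IPv4Network
    destination: ipaddress.IPv4Network
    action: str        # "allow", "deny" or "discard"

def decide(rules, from_zone, to_zone, src, dst, default="deny"):
    """Action of the first rule, in priority order, that matches the packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.priority):
        if ((r.from_zone, r.to_zone) == (from_zone, to_zone)
                and src in r.source and dst in r.destination):
            return r.action
    return default

def leaks(rules, from_zone, to_zone, src_net, dst_net):
    """Probe the first and last host of each subnet; return pairs still allowed."""
    probes = [(src_net[1], dst_net[1]), (src_net[-2], dst_net[-2])]
    return [(str(s), str(d)) for s, d in probes
            if decide(rules, from_zone, to_zone, str(s), str(d)) == "allow"]

# Constructed rule tables, not exported from a real appliance.
BEFORE = [Rule(1, "LAN2", "LAN", ANY, ANY, "allow"),
          Rule(1, "LAN", "LAN2", ANY, ANY, "allow"),
          Rule(1, "LAN2", "WAN", ANY, ANY, "allow")]
AFTER = [Rule(1, "LAN2", "LAN", WLAN_NET, LAN_NET, "deny"),
         Rule(1, "LAN", "LAN2", LAN_NET, WLAN_NET, "deny"),
         Rule(1, "LAN2", "WAN", ANY, ANY, "allow")]
# Source subfield mistyped as /25, with the old allow rule left underneath it.
MISFILLED = [Rule(1, "LAN2", "LAN", ipaddress.ip_network("172.16.1.0/25"), LAN_NET, "deny"),
             Rule(2, "LAN2", "LAN", ANY, ANY, "allow")]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER), ("misfilled", MISFILLED)):
        print(name, leaks(table, "LAN2", "LAN", WLAN_NET, LAN_NET))
```

An empty list for a table means neither probe pair crosses from the wireless subnet to the wired one; the model says nothing about how the appliance itself orders or evaluates rules.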
