Solved

Blocking IP range in Sonicwall.

Posted on 2014-04-04
Last Modified: 2014-04-07
So one interface on our SonicWall is our wired LAN. Another interface has a wireless router plugged into it. At first, this separated the two networks, and someone on wireless could not see anything on the wired subnet. This has changed. Now people on the wireless are able to ping the wired LAN IP addresses. I tried blacklisting that range in the wireless router to stop this, but it doesn't work. I figure what I need to do is add a rule in the SonicWall that prevents the wireless IP range from seeing the wired IP range per this article here:

http://help.mysonicwall.com/sw/eng/general/ui1/6600/Access/Add_Rule.htm

My question is... is this the right way to go about this, and is there any additional info that I need to know to help follow the steps in this article, i.e. the options of WAN & LAN in the fields mentioned? Any help is much appreciated.
0
Question by:new_to_networks
11 Comments
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39978862
Hi new_to_networks,

So you want some of the IPs in the WLAN to talk to the LAN but other IPs in the WLAN you want to block? Is this correct?

If so what is your purpose for doing so?

Without knowing I'd suggest a separate VAP/VLAN/SSID for the user you don't want to connect to the LAN.
0
 
LVL 8

Expert Comment

by:Lee Ingalls
ID: 39978869
Are the addresses all DHCP assigned? All addresses on the same subnet?
I keep all my wired IPs static and wireless DHCP with a specific range of IPs defined as the scope.
0
 

Author Comment

by:new_to_networks
ID: 39978878
The people using the wifi, on the wireless IP range, should not be able to "see" our wired LAN IP range. They should have access to the internet and not anything internally. Right now they can ping IP addresses on the wired LAN; can't have that. I've attached a screenshot of the wireless interface on the SonicWall. The wireless router is plugged into this interface. Our wired LAN is plugged into a different interface. DHCP is assigned on the wifi by the wireless router and DHCP is assigned on the wired LAN by a Windows Server.
Wireless-Interface-on-Sonicwall.jpg
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39979503
So how did you get them to communicate (allowed Access Rules or created an L2 Bridge)? Because by default the WLAN doesn't talk to the LAN.

Are they on different subnets LAN (192.168.x.x) and WLAN (172.16.x.x) or are they on the same?

It looks like you allowed access rather than created an L2 Bridge... so in that case simply modify the Access Rules from LAN2 > LAN Allow to Deny or Discard and vice versa (LAN > LAN2 Deny or Discard). That's it!
0
 

Author Comment

by:new_to_networks
ID: 39979507
Ok cool, I'll try it tomorrow when I'm back in the office.
0
 

Author Comment

by:new_to_networks
ID: 39979513
I didn't create any access rules for the wan in the first place.. maybe that's why all the trouble. Yes they're on different subnets.
0
 
LVL 25

Accepted Solution

by:
Diverse IT earned 500 total points
ID: 39979515
When you create a new interface, Access Rules are set up by default, but if they are located within the same Zone (LAN2) then they are set to Allow All. You just need to change them from Allow to Deny or Discard.
0
 

Author Comment

by:new_to_networks
ID: 39979532
Awesome thanks!
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39979667
My pleasure! Glad I could help.
0
 
LVL 25

Expert Comment

by:Diverse IT
ID: 39983640
Have I answered all your questions?
0
 

Author Closing Comment

by:new_to_networks
ID: 39983660
Just had to make sure that I filled out the subfields as well, specifying that the LAN2 subnet cannot see the LAN subnet.
0
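
A way to verify the accepted fix from a client on the wireless subnet, as an added example that is not part of the original thread: it checks that wired LAN hosts no longer answer and that internet access still works. The addresses, ports and function names are assumptions, and the ping flags are those of Linux iputils.

```python
import socket
import subprocess

def ping_replies(host, timeout_s=1):
    """True if one ICMP echo is answered (Linux iputils ping flags)."""
    cmd = ["ping", "-c", "1", "-W", str(timeout_s), host]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0

def tcp_connects(host, port, timeout_s=2):
    """True only if the handshake completes. A refused or timed-out attempt
    returns False: a Deny rule may answer with a reset, Discard stays silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            return True
    except OSError:
        return False

def reachable(host, port):
    # Either signal means traffic crossed from the wireless side to the target.
    return ping_replies(host) or tcp_connects(host, port)

def check_isolation(wired_targets, internet_target, probe=reachable):
    """Run from a client on the wireless subnet.
    wired_targets: (host, port) pairs that must NOT answer.
    internet_target: one (host, port) pair that must still answer."""
    findings = []
    for host, port in wired_targets:
        verdict = "FAIL" if probe(host, port) else "PASS"
        findings.append((verdict, f"wired {host}:{port}"))
    verdict = "PASS" if probe(*internet_target) else "FAIL"
    findings.append((verdict, f"internet {internet_target[0]}:{internet_target[1]}"))
    return all(v == "PASS" for v, _ in findings), findings

if __name__ == "__main__":
    # Constructed sample targets; replace with real wired hosts and services.
    wired = [("192.168.1.10", 445), ("192.168.1.1", 443)]
    ok, findings = check_isolation(wired, ("example.com", 443))
    for verdict, what in findings:
        print(verdict, what)
    raise SystemExit(0 if ok else 1)
```

Pick wired targets that are known to be up and listening (for example the Windows Server), otherwise a silent host looks the same as a blocked one.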

Question has a verified solution.