1 WAN to 2 LAN
Im working on a school. For now we used 2 routers with its own WAN to seperate student and admin network.
I want to get rid of 1 router, to use the new advanced router for both networks.
Its a Zyxel Zywall 310.
I managed to make 1 WAN, and 2 LAN (see image)
It works fine because i got seperate switches and cables for each network. So its not a vlan and i guees its not important to create a vlan?
Thats what im asking for.
Is this setup valid? Can the 2 networks connect to each other? They may not be able to.
I know they can ping eachother, but a part from that, the networks most be completely seperated. Are they?
Is there anything to take into consideration, before deploying this pretty simple setup?
Best regards
Mike Kristensen
IT admin
Who is Participating?
Experts Exchange Solution brought to you by
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Are zones just something you configure? Or does it actually does something specific? Or can you create your own zone, with your own rules? And that is kinda how zones work?
For me it seems like zones are doing something to the ports. But i dont have to use them. I can use port 1 as WAN if i like, and port 2 as LAN etc. etc .?
Is this true?
Interfaces have a default zone, but you can change that. Interfaces can be member of exactly one zone.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
From novice to tech pro — start learning today.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Experts Exchange Solution brought to you by
ge3 is configured as LAN, ge4 as DMZ by default. Did you change the zone for latter?
To be able to use firewall policies to the full extent, you'll need to put the LAN interfaces into different zones, as policies are applied whenever traffic crosses zones (not interfaces). For intra-zone traffic you can only set up allow-all or deny-all (not sure about that, the manual is ambiguous at page 209).
I recommend to use two zones like "Students" and "Admin", and put each interface into one of them, then set up policies to define which kind of traffic may be passing. You can set up different rules for the admin network to have full access to the students', while blocking anything but ICMP coming from students network.