WLAN -LAN routing
I'm sure this is staring me in the face but I can't figure it out. We give out addresses to our wireless clients via DHCP scope on the firewall. Sonicwaves are on X5. Our LAN is on X16. How does the X5 traffic make it to X16 and vice versa? Is it just layer2 switched because I don't see any routing rules that appear to me at a glance that relate to this. I suspect routing as the x5 interface Ip is the gateway for the wireless clients. Is there some other magic happening I'm not considering?
BWC Cybersecurity Overlord ✭✭✭
Routing between X5 and X16 is automatcially done by the subnet (assigned to x5 and x16) routes, of course you need proper defaults routes on the clients pointing to your Firewall. Secondly you need to define the proper access rules from WLAN to LAN and vice versa.
If it's not just that simple maybe you can provide some details about addresses used etc.
Thanks for your reply. So it is behaving like a standard router then. If I set an Ip on an interface, the router will set a default route policy then?
I'am not sure if I can follow for 100%, but at the end it's quite simple.
You assign to your Network Interface X5 the IP address 192.168.5.1/24 and that's the Default Gateway you publish via DHCP to your clients on that interface (automatic Interface prepopulation in regards to your other thread). Don't put the AP in the equation, it's not involved in the routing :)
If you distribute another SSID on a different VLAN you do the same. For example SSID GUESTS runs on X5:V55 with an Interface IP address of 192.168.55.1/24 which you use as Default Gateway for that DHCP scope.
This makes sense as I see the X5 WLAN specified as the gateway for the clients in the current setup we have. Thank you.
One more question. How does the Sonicwall handle VLANs? We have some sub-interfaces with a VLAN tag. Does the sonicwall just do tagging or can it switch VLAN traffic?
If you're having a Virtual Interface (X0:V5) it's tagged on Interface X0 for example, otherwise it's untagged. IMHO the Port Shield Groups are for physical interfaces only, don't use them much.
You can do crazy stuff with NativeBridge but I prefer to do this properly on a switch if possible.
Using your example, once a packet leaves X0, or the firewall, the tag is stripped? It's just for seperating the sub interface on X0? I realize my question is confusing but I'm having a hard time putting it into words.
Yes, Packets via standard Interfaces are leaving the appliance untagged. In my example traffic for the subnet on X0 is untagged and for X0:V5 is tagged with VLAN ID5.
There are some VLANs internally used on the SonicOS side, but I never experienced any interference, AFAIK.
@djhurt1 - there are automatic routes created for every interface, from Source = Any, to their logical networks as destinations. They are set to use that interface and no gateway is needed. These route traffic between the directly connected networks on the firewall.