WLAN - LAN routing
I'm sure this is staring me in the face but I can't figure it out. We give out addresses to our wireless clients via DHCP scope on the firewall. SonicWaves are on X5. Our LAN is on X16. How does the X5 traffic make it to X16 and vice versa? Is it just layer 2 switched because I don't see any routing rules that appear to me at a glance that relate to this. I suspect routing, as the X5 interface IP is the gateway for the wireless clients. Is there some other magic happening I'm not considering?
Best Answer
BWC Cybersecurity Overlord ✭✭✭
Hi @djhurt1
Routing between X5 and X16 is automatically done by the subnet routes (assigned to X5 and X16); of course you need proper default routes on the clients pointing to your firewall. Secondly you need to define the proper access rules from WLAN to LAN and vice versa.
If it's not just that simple maybe you can provide some details about addresses used etc.
--Michael@BWC
Answers
Thanks for your reply. So it is behaving like a standard router then. If I set an IP on an interface, the router will set a default route policy then?
Hi @djhurt1
I'm not sure if I can follow 100%, but at the end it's quite simple.
You assign to your Network Interface X5 the IP address 192.168.5.1/24 and that's the Default Gateway you publish via DHCP to your clients on that interface (automatic Interface prepopulation in regards to your other thread). Don't put the AP in the equation, it's not involved in the routing :)
If you distribute another SSID on a different VLAN you do the same. For example SSID GUESTS runs on X5:V55 with an Interface IP address of 192.168.55.1/24 which you use as Default Gateway for that DHCP scope.
--Michael@BWC
This makes sense as I see the X5 WLAN specified as the gateway for the clients in the current setup we have. Thank you.
@BWC
One more question. How does the SonicWall handle VLANs? We have some sub-interfaces with a VLAN tag. Does the SonicWall just do tagging or can it switch VLAN traffic?
Hi @djhurt1
If you have a Virtual Interface (X0:V5), it's tagged on Interface X0, for example; otherwise it's untagged. IMHO the Port Shield Groups are for physical interfaces only, don't use them much.
You can do crazy stuff with NativeBridge but I prefer to do this properly on a switch if possible.
--Michael@BWC
Using your example, once a packet leaves X0, or the firewall, the tag is stripped? It's just for separating the sub-interface on X0? I realize my question is confusing but I'm having a hard time putting it into words.
Yes, packets via standard interfaces are leaving the appliance untagged. In my example traffic for the subnet on X0 is untagged and for X0:V5 is tagged with VLAN ID 5.
There are some VLANs internally used on the SonicOS side, but I never experienced any interference, AFAIK.
--Michael@BWC
@djhurt1 - there are automatic routes created for every interface, from Source = Any, to their logical networks as destinations. They are set to use that interface and no gateway is needed. These route traffic between the directly connected networks on the firewall.
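The mechanics described across the answers above (an automatic connected route for every interface's subnet with no gateway, the interface IP handed out as the DHCP default gateway, VLAN tags only on sub-interfaces such as X5:V55, and a zone-to-zone access rule still being required before traffic passes) are modelled below as an added example. This is not SonicOS code or anything from the thread; it is a small Python route-table and policy simulator with constructed interface names, addresses and an access policy chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Interface:
    name: str      # "X5", or "X5:V55" for a VLAN sub-interface (constructed names)
    zone: str      # security zone the interface is bound to (constructed)
    address: str   # interface IP in CIDR form, e.g. "192.168.5.1/24"

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_interface(self.address).network

    @property
    def ip(self) -> str:
        return str(ipaddress.ip_interface(self.address).ip)

    @property
    def vlan_id(self) -> Optional[int]:
        # X0:V5 -> frames leave tagged with VLAN 5; a plain interface leaves them untagged
        return int(self.name.split(":V", 1)[1]) if ":V" in self.name else None


@dataclass(frozen=True)
class Route:
    destination: ipaddress.IPv4Network
    interface: str
    gateway: Optional[str]  # None for a connected (interface) route


@dataclass(frozen=True)
class Decision:
    ingress: Optional[str]
    egress: Optional[str]
    gateway: Optional[str]
    vlan_tag: Optional[int]
    allowed: bool


def dhcp_default_gateway(iface: Interface) -> str:
    """The gateway a DHCP scope on an interface hands out is that interface's own IP."""
    return iface.ip


def connected_routes(interfaces: List[Interface]) -> List[Route]:
    """Automatic routes: Source = Any, Destination = the interface subnet, via that interface, no gateway."""
    return [Route(i.network, i.name, None) for i in interfaces]


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match over the route table; a /24 connected route beats the default route."""
    ip = ipaddress.ip_address(dst)
    matches = [r for r in routes if ip in r.destination]
    return max(matches, key=lambda r: r.destination.prefixlen) if matches else None


def forward(interfaces: List[Interface], routes: List[Route],
            rules: Set[Tuple[str, str]], src: str, dst: str) -> Decision:
    """Route src -> dst, then check the zone pair against the access policy."""
    by_name = {i.name: i for i in interfaces}
    ingress_route = lookup(connected_routes(interfaces), src)   # which subnet the sender lives in
    egress_route = lookup(routes, dst)
    if ingress_route is None or egress_route is None:
        return Decision(None, None, None, None, False)
    ingress, egress = by_name[ingress_route.interface], by_name[egress_route.interface]
    # Routing alone does not pass traffic: the ingress-zone -> egress-zone access rule must allow it.
    allowed = (ingress.zone, egress.zone) in rules
    return Decision(ingress.name, egress.name, egress_route.gateway, egress.vlan_id, allowed)


# Constructed lab layout loosely following the thread; addresses are examples, not the poster's.
INTERFACES = [
    Interface("X16", "LAN", "192.168.16.1/24"),
    Interface("X5", "WLAN", "192.168.5.1/24"),
    Interface("X5:V55", "GUESTS", "192.168.55.1/24"),
    Interface("X1", "WAN", "203.0.113.2/29"),
]
ROUTES = connected_routes(INTERFACES) + [
    Route(ipaddress.ip_network("0.0.0.0/0"), "X1", "203.0.113.1"),  # constructed default route
]
# Constructed access policy: only these zone pairs are allowed; GUESTS never reaches LAN.
RULES = {("WLAN", "LAN"), ("LAN", "WLAN"), ("LAN", "WAN"), ("WLAN", "WAN"), ("GUESTS", "WAN")}

if __name__ == "__main__":
    print("DHCP gateway on X5:", dhcp_default_gateway(INTERFACES[1]))
    for src, dst in [("192.168.5.20", "192.168.16.10"), ("192.168.55.7", "192.168.16.10"),
                     ("192.168.16.10", "192.168.55.7"), ("192.168.5.20", "198.51.100.9")]:
        print(src, "->", dst, forward(INTERFACES, ROUTES, RULES, src, dst))
```

The second and third cases are the ones worth noticing: the route lookup succeeds (the guest subnet is directly connected, and the reply would leave X5:V55 tagged with VLAN 55), yet the packet is still dropped because no GUESTS-to-LAN or LAN-to-GUESTS rule exists. That separation of routing from policy is exactly why the thread's answer mentions both the automatic routes and the access rules.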