Virtual Interface issue - TZ600 SonicOS Enhanced 6.5.4.7-83n
samaj
I want to create a virtual interface as 172.16.10.1/24 with parent interface X0 and allow LAN to WAN traffic on that virtual interface.
I have created a virtual interface, a LAN to WAN access rule, etc., but it's not working.
Need some guidelines.
Thanks
Category: Entry Level Firewalls
Answers
@samaj,
What VLAN have you used for that virtual interface? Have you created the same VLAN on the LAN switch, and is the computer you are testing from connected to a port of the switch that is the access port for that particular VLAN?
Are you able to get an IP address? Also, can you test by pinging 8.8.8.8 and see if that works?
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93
OK, you mean that if I configure the virtual interface on the firewall, I have to configure the same VLAN on the switch (I have an L3 Cisco), right?
@samaj,
Correct. If you have configured the VLAN sub-interface on the firewall, SonicWall will handle the inter-VLAN routing. You need not have any L3 decisions done on the Cisco switch. Please have the same VLAN added on the switch. Make the port connecting to the SonicWall X0 a trunk and the port connecting to the PC an access port of that particular VLAN.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
@shiprasahu93 OK, got it. I configured it as you guided and it's working fine, but...
What I configured:
Zone: vlan1
Subinterface: 192.168.2.1/24 on X0 parent interface
pc1: 192.168.2.140
and I configured the same on the switch.
Still, no access rule has been created for that subinterface, but on pc1 the internet is working without user authentication.
@samaj,
If you have created the zone VLAN1 as trusted, then the access rule should be automatically added from VLAN1 to WAN that allows all traffic.
I would also suggest using a different VLAN than 1 as that is the native VLAN. There are a few VLANs reserved internally for firewall usage. It would be best to use 50 or above.
For user authentication, you would need to use ULA (user level authentication), which is a VLAN1 -> WAN rule with:
Source: Any
Destination: Any
Service: HTTP, HTTPS
Users included: Trusted Users.
Action: Allow
With this access rule in place, the users will be asked to enter a username/password before being able to go online.
I hope that helps!
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services