Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Virtual Interface issue - TZ600 SonicOS Enhanced

I want to create a virtual interface as with parent interface X0 and allow LAN to WAN traffic on that virtual interface

I have created a virtual interface, access rule LAN to WAN, etc but it's not working

need some guidelines


Category: Entry Level Firewalls


  • shiprasahu93shiprasahu93 Moderator
    edited February 2021


    What VLAN have you used for that virtual interface? Have you created the same VLAN on the LAN switch and is the computer you are testing from connected to a port of the switch that is the access port for that particular VLAN.

    Are you able to get an IP address? Also, can you test by pinging and see if that works?


    Shipra Sahu

    Technical Support Advisor, Premier Services

  • samajsamaj Newbie ✭


    ok you mean, if I configure the virtual interface on the firewall. so I have to configure the same VLAN on the switch(i have L3 cisco) right?

  • @samaj,

    Correct. If you have configured the VLAN sub-interface on the firewall, SonicWall will handle the inter-VLAN routing. You need not have any L3 decisions done on the CISCO switch. Please have the same VLAN added on the switch. Make the port connecting to the SonicWall X0 as trunk and the port connecting to the PC as access port of that particular VLAN.


    Shipra Sahu

    Technical Support Advisor, Premier Services

  • samajsamaj Newbie ✭

    @shiprasahu93 ok got it, I configured it as you guided and it's working fine but...

    what I configure

    Zone:- vlan1

    subinterface:- on X0 parent interface


    and same I configure on the switch

    still, no access rule created for that subinterface but.. on pc1 internet is working without user authentication

  • @samaj,

    If you have created the zone VLAN1 as trusted, then the access rule should be automatically added from VLAN1 to WAN that allows all traffic.

    I would also suggest using a different VLAN than 1 as that is the native VLAN. There are a few VLANs reserved internally for firewall usage. It would be best to use 50 or above.

    For user authentication, you would need to use ULA (user level authentication), which is VLAN1 -> WAN rule with

    Source: Any

    Destination: Any

    Service: HTTP, HTTPS

    Users included: Trusted Users.

    Action: Allow

    With this access rule in place, the users will be asked to enter a username/password before able to go online.

    I hope that helps!


    Shipra Sahu

    Technical Support Advisor, Premier Services

Sign In or Register to comment.