Disable inter VLAN routing

I have a few VLANs in my SonicWall but I can still ping devices from one VLAN to another. I’m pretty sure it’s because they’re in the same zone. If I create a new zone (VOIP zone for example) to move one of my VLANs into it and set the security type to "trusted", that just means that any VLANs I put into the VOIP zone would be able to talk to each other but not the LAN zone, right? Also need to make sure they can connect out to the internet.


Category: Entry Level Firewalls

Best Answer

  • BWC Cybersecurity Overlord ✭✭✭
    Accepted Answer

    @PaulS83 you have to disable the Interface Trust for the LAN Zone or put every VLAN in its own Zone. Make sure to disable the automatic creation of Rules in the Zone settings.

    --Michael@BWC

Answers

  • PaulS83 Newbie ✭

    Thanks for that! If I uncheck that box to "allow traffic between zones of the same trust level" and move my phones into that VOIP zone, will they still be able to connect to the gateway for connectivity since the VOIP VLAN is a sub interface of X0?

  • BWC Cybersecurity Overlord ✭✭✭
    edited October 3

    No, VoIP will not be able to communicate with LAN; you have to create Access Rules to allow any traffic. Default will be Drop Traffic.

    --Michael@BWC

  • PaulS83 Newbie ✭

    Sorry, I'm a bit confused. I don't want any VOIP traffic to be able to communicate with the LAN but I do need it to have internet access. Do I just need to create an access rule that says...

    From VOIP ZONE to WAN, allow "all", source "any"?



  • BWC Cybersecurity Overlord ✭✭✭

    That's correct, if everything is forbidden, you have to allow what's necessary, VoIP -> WAN in your case.

    --Michael@BWC

  • PaulS83 Newbie ✭
    edited October 3

    Perfect. Thanks for the help!

    Do I need to worry about DHCP since the VLANs are bound to X0?


  • PaulS83 Newbie ✭

    Creating the new zone then manually adding the rules to only allow WAN access worked. Thanks!
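
The zone logic worked out in this thread, as a simplified model added here for illustration (it is not SonicOS code and not from either poster): Interface Trust lets VLANs in one zone reach each other, while a separate VOIP zone with no auto-created rules drops everything except the explicit VOIP -> WAN allow. The sub-interface names, VLAN IDs, and X1 as the WAN port are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Toy zone-based policy: anything not explicitly allowed is dropped."""
    iface_zone: dict = field(default_factory=dict)   # interface -> zone
    trust: dict = field(default_factory=dict)        # zone -> Interface Trust on/off
    rules: set = field(default_factory=set)          # allowed (src_zone, dst_zone)

    def add_zone(self, zone, interface_trust=False):
        self.trust[zone] = interface_trust

    def bind(self, iface, zone):
        self.iface_zone[iface] = zone

    def allow(self, src_zone, dst_zone):
        self.rules.add((src_zone, dst_zone))

    def permits(self, src_if, dst_if):
        """True if a new connection from src_if to dst_if is allowed."""
        if src_if == dst_if:
            return True  # same VLAN: switched locally, never routed by the firewall
        src, dst = self.iface_zone[src_if], self.iface_zone[dst_if]
        if src == dst and self.trust[src]:
            return True  # Interface Trust: interfaces in the zone may talk
        return (src, dst) in self.rules  # otherwise explicit rule or drop

def before():
    """All VLANs in LAN with Interface Trust on (the original setup)."""
    fw = Firewall()
    fw.add_zone("LAN", interface_trust=True)
    fw.add_zone("WAN")
    for iface in ("X0", "X0:V10", "X0:V20"):  # constructed VLAN sub-interfaces
        fw.bind(iface, "LAN")
    fw.bind("X1", "WAN")                      # assumption: X1 is the WAN port
    fw.allow("LAN", "WAN")
    return fw

def after():
    """Phones moved to a VOIP zone, no auto-created rules, only VOIP -> WAN."""
    fw = before()
    fw.add_zone("VOIP")
    fw.bind("X0:V20", "VOIP")
    fw.allow("VOIP", "WAN")
    return fw

if __name__ == "__main__":
    for name, fw in (("before", before()), ("after", after())):
        for dst in ("X0", "X0:V10", "X1"):
            print(name, "X0:V20 ->", dst, "allow" if fw.permits("X0:V20", dst) else "drop")
```

The model only covers new connections initiated from the source interface; reply traffic for an allowed connection is assumed to be handled statefully.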
