SonicWall routing VLANs
Hello all!
I'm having a problem with a 5650 v6.5.
I have a fairly flat network and I'm adding VLANs. There are 4 non-VLAN subnets and I'm adding 2 new VLAN'd subnets. I want to do all the routing in the SonicWALL. I'm newer to the SonicWALL world; I'm coming from the Cisco world.
I have added the 2 new VLAN interfaces off the X1 port: X1:V7 and X1:V10. For starters I want all networks to be able to ping those interfaces. Then, once migration is done, I'll start to lock them down.
Details:
X1 10.10.10.1/24 NETA
X1:V7 10.10.70.1/24 NET7
X1:V10 10.10.100.1/24 NET10
X2 192.168.100.1/24 NET100
X3 10.10.30.1/24 NET30
X4 internet
X1, X2, X3 and X4 are all preexisting and working as wanted. I've added V7 and V10. From the console I see all interfaces locally and can ping them. Ping is enabled on all interfaces for troubleshooting. For troubleshooting I'll focus on the connection from 10.10.30.0/24 to 10.10.100.0/24. Machines on the 10.10.30.0/24 network can of course ping their gateway 10.10.30.1 but cannot ping 10.10.100.1. I have added:
Route rule: Source: any, Dest: NET10, Service: any, App: any, Route: standard, Gateway: X1:V10 IP, Interface: X1:V10
Access rule: from: NET30, to: NET10, any, any, any, allow
Access rule: from: NET10, to: NET30, any, any, any, allow
Machine 10.10.30.50 cannot ping 10.10.100.1; traces just go into lala land.
NET10 and NET30 are in the same zone.
What am I missing? Thank you.
Best Answer
preston
@Cooper, if you are trying to ping the SonicWall's interface from another zone you need to enable management (Enable Management) in the firewall rule.
This will enable all the management services through to the interface, like HTTPS management, ping and SSH, so if you want only ping, put a separate rule in from the source zone to the destination zone: destination = destination interface IP, destination port = ping, action = allow.
Sorry, forgot to explain: by default ping is classed as a management service when going to an interface, so by default it is only allowed from the same zone. So even though you have a rule for Allow, All, it still doesn't allow ping, hence the rule specifically for ping or enabling management.
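To make the accepted answer's point concrete, here is a small model of how SonicOS treats a management service (ping, HTTPS, SSH) aimed at one of the firewall's own interface IPs, written as an added example for this thread. It is not SonicWall code and does not read a SonicOS configuration; the rule, interface and packet structures, the zone names NET30/NET10, the "intra-zone traffic is allowed by default" assumption and the "first matching rule wins" ordering are all assumptions chosen to mirror the behaviour the answer describes. The rule sets reproduce the three situations in the thread: an allow-all rule that still fails for ping to the interface, the same rule with Enable Management, and a separate ping-only rule to the interface IP.

```python
"""Model of SonicOS access-rule evaluation for traffic aimed at an interface IP.

Added illustration for the thread above; not SonicWall code. Zone names,
rule ordering and the intra-zone default are assumptions (see comments).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Services the answer lists as "management" when the destination is one of
# the firewall's own interface IPs (assumption: this set, nothing more).
MANAGEMENT_SERVICES = frozenset({"ping", "https", "ssh"})


@dataclass(frozen=True)
class Interface:
    name: str
    ip: str
    network: str
    zone: str


@dataclass(frozen=True)
class Rule:
    from_zone: str
    to_zone: str
    dst: str = "any"          # "any" or an exact interface/host IP
    service: str = "any"      # "any" or a single service such as "ping"
    action: str = "allow"
    enable_management: bool = False   # the "Enable Management" checkbox


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_ip: str
    service: str


def zone_of(dst_ip, interfaces):
    """Zone of the interface whose directly connected network contains dst_ip."""
    addr = ip_address(dst_ip)
    for iface in interfaces:
        if addr in ip_network(iface.network):
            return iface.zone
    raise ValueError(f"no interface network contains {dst_ip}")


def evaluate(packet, interfaces, rules):
    """Return (allowed, reason) for one packet against an ordered rule list."""
    target = next((i for i in interfaces if i.ip == packet.dst_ip), None)
    dst_zone = target.zone if target else zone_of(packet.dst_ip, interfaces)

    # Assumption: traffic within one zone hits the default intra-zone allow.
    if packet.src_zone == dst_zone:
        return True, "same zone: default intra-zone allow"

    for rule in rules:  # assumption: first matching rule wins
        if rule.from_zone != packet.src_zone or rule.to_zone != dst_zone:
            continue
        if rule.dst not in ("any", packet.dst_ip):
            continue
        if rule.service not in ("any", packet.service):
            continue
        if rule.action != "allow":
            return False, "matched deny rule"
        # The subtlety from the thread: a generic allow does not cover a
        # management service whose destination is the interface itself.
        if target is not None and packet.service in MANAGEMENT_SERVICES:
            if rule.enable_management:
                return True, "allow rule with Enable Management"
            if rule.service == packet.service:
                return True, f"explicit {packet.service} rule to interface IP"
            continue  # keep looking for a rule that does cover it
        return True, "allow rule"
    return False, "no matching rule: default cross-zone deny"


# Interfaces from the thread. Zone names are an assumption: the answer
# explains the cross-zone case, so the model puts NET30 and NET10 in
# separate zones to show it.
INTERFACES = (
    Interface("X3", "10.10.30.1", "10.10.30.0/24", "NET30"),
    Interface("X1:V10", "10.10.100.1", "10.10.100.0/24", "NET10"),
)
ALLOW_ALL = (Rule("NET30", "NET10"), Rule("NET10", "NET30"))
ALLOW_ALL_MGMT = (Rule("NET30", "NET10", enable_management=True), Rule("NET10", "NET30"))
ALLOW_ALL_PLUS_PING = (Rule("NET30", "NET10", dst="10.10.100.1", service="ping"),) + ALLOW_ALL

PING_INTERFACE = Packet("NET30", "10.10.100.1", "ping")   # the failing case
PING_HOST = Packet("NET30", "10.10.100.50", "ping")       # a host behind X1:V10

if __name__ == "__main__":
    for label, rules in (("allow-all", ALLOW_ALL),
                         ("allow-all + Enable Management", ALLOW_ALL_MGMT),
                         ("allow-all + ping rule to interface", ALLOW_ALL_PLUS_PING)):
        for pkt in (PING_INTERFACE, PING_HOST):
            print(f"{label:38} {pkt.dst_ip:14} {evaluate(pkt, INTERFACES, rules)}")
```

The model reproduces the OP's troubleshooting result: ping to a host in 10.10.100.0/24 is allowed by the allow-all rule, ping to 10.10.100.1 itself is not, and either Enable Management or a ping-specific rule to the interface IP fixes it. Note that Enable Management also opens HTTPS and SSH to that interface from the source zone, which is why the answer recommends the narrower ping-only rule once the migration is done.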
Answers
Thank you! It's the cross-zone with a local management interface that was the cause. I tested the same zone and it worked, moved it back and it broke. Made your changes... your answer helped! Thanks!