SonicOS Vlans and routing questions.

Hello, first of all I want to say hello to all the community, since this is my first post.

I was asked to configure a SonicWall device, so first I installed the Virtual app to figure out what I will face.

System Information:

Model: NSv Unlicensed

Product Code: 70000

Firmware Version: SonicOS Enhanced

Safemode Version: SafeMode

ROM Version: SonicROM

I configured a few things, like timezone, host name, etc.

Then I moved into the network config: DHCP for the WAN uplink, using a VMware bridge to the WAN port in my computer. Network tools say I have ping to Google, so it's OK now.

X1 WAN Default LB Group

Then I moved into the LAN, configured with a static IP:

X0 LAN Static 10 Gbps Full Duplex Default LAN

and created a DHCP server lease scope

Lease Detail #2

Type:   Dynamic

Range Start:

Range End:


Enabled:   Yes

Interface:   X0

Default Gateway:

Now I woke up a Linux VM and made a few tests:

dhclient eth0

It provides me a dynamic IP from the FW pool, and ping to Google runs nicely.

devuan   2022-06-23 07:53:53   00:0C:29:70:57:26   VMWARE   Dynamic

Well, as per the requirements I have to learn how to deal with VLANs, so I investigated here:

So, the requirements are clear. I have to deal with 3 kinds of VLAN.

LAN access + WAN access.

LAN access, no WAN access.

WAN access, no LAN access.

  • Vlan 2 NO_LAN/WAN 
  • Vlan 99 LAN/NO_WAN 

I used to use Mikrotik devices, and with subnets, VLANs, some routes and FW rules I managed to accomplish that, but I'm unable to accomplish it now with SonicWall.

I created the zones and doubt assaults me.

VLAN 99 is a trusted zone one, right? Just LAN traffic.

VLAN 2 is an untrusted one... WAN traffic.

But is VLAN 3 the trusted or untrusted kind?

I need more info about zones and the manual is not clear to me. Let's move forward:

1   LAN   Trusted   X0   Enabled         Enabled   Enabled   Enabled   Enabled            Enabled

2   WAN   Untrusted   X1            Enabled   Enabled   Enabled   Enabled               Enabled

3   DMZ   Public      Enabled

4   VPN   Encrypted

5   SSLVPN   SSLVPN                              Enabled

6   MULTICAST   Untrusted

7   Vlan 99 LAN/NO_WAN   Trusted   X0:V99   Enabled

8   Vlan 2 NO_LAN/WAN   Public   X0:V2   Enabled

9   VLAN3 LAN/WAN   Trusted   X0:V3   Enabled

Now I created the VLAN sub-interfaces and assigned the related zones:

   X0:V2   Vlan 2 NO_LAN/WAN   Static   VLAN Sub-Interface

   X0:V3   VLAN3  LAN/WAN   Static   VLAN Sub-Interface

   X0:V99   Vlan 99 LAN/NO_WAN   Static   VLAN Sub-Interface

and added a DHCP lease for it:

Dynamic   Range: -   X0:V2

Now on the Linux box I cleared the lease on eth0,

dhclient eth0 -r

added the VLAN config for the WAN link on VLAN 2

vconfig add eth0 2

cat /proc/net/vlan/config

eth0.2        | 2 | eth0

and ran dhclient on it

dhclient eth0.2

and it dies without a lease. I tried to statically assign an IP, one inside the DHCP range and one in the subnet but outside of the range... nothing happens. No ping to the FW. Is it related to routes?

If I'm stuck making the VLANs... I can't imagine myself doing other tasks..... o.0

Any help is always welcome.


PS: I really know my typing is more than ugly, but I don't use correctors, don't copy-paste from terminals and I don't re-read posts. Sorry in advance :D

    TKWITS Community Legend ✭✭✭✭✭

    "VLAN 99 is a trusted zone one, right? Just LAN traffic.

    VLAN 2 is an untrusted one... WAN traffic.

    But is VLAN 3 the trusted or untrusted kind?

    I need more info about zones and the manual is not clear to me"

    Read up on zone-based firewall concepts. "Trusted", "Public", etc. are set around what the traffic is considered. If you have an interface dedicated to a guest network (where anyone with wifi can connect), would you consider it "trusted" traffic? I wouldn't.

    VLANing in VM environments requires additional configuration in the environment. Without telling the environment about the VLANs, assigning a VLAN on the VM's NIC won't do squat (as you have discovered).
