VLAN - VLAN routing
CaseyH
I have a SonicWall 270 series firewall. I am having some difficulties setting up VLAN to VLAN communications.
I have a single interface connected to ESXi with VLAN sub-interfaces configured.
From a host machine sitting on one of the VLANs, I am able to ping the interface IP of the VLAN on the SonicWall, but I cannot ping through to another VLAN.
I ran a packet capture on the firewall and noticed the following error message: Drop Code: 61(Classical mode, ARP bridge not supported)
Any ideas/help would be greatly appreciated.
Category: Entry Level Firewalls
Answers
Show us your Zones and Interface pages.
All LAN zones
The only problem VLAN seems to be 1171 now. All other VLANs can ping each other without a problem. Nothing except the SonicWall can ping the 1171 VLAN hosts. Hosts can see the 1171 interface.
It is a very default setup.
Having all your VLANs in the same Zone is bad practice. The whole point of VLAN-ing is traffic separation. Putting them all in the same zone effectively negates having a firewall / UTM device.
They were added to the same zone to simplify the issue. I understand it is not best practice.
Still does not explain why one single VLAN is unidirectional with default rules and zones.
Screenshot above is a pcap from a ping on a 1140 host to 1171 host. You can see the ping gets forwarded correctly but no response.
Screenshot above is a pcap from a ping on 1171 host to 1140 host. You can see the ping is properly forwarded.
Any thoughts?