TZ470 Multiple LAN interfaces, just talk to WAN not each other except a few devices between interfac

I'm setting up a TZ470 with two wired LANs (X0 and X2) and X3, X4 and X5 to groups of WAPs in different areas. Each interface has its own subnet and DHCP range.

All the interfaces need to connect to the WAN (X1), but no traffic between them except devices on X4 need to connect to the main printer and server on X0 which have static IP addresses.

I have the interfaces and DHCP all set up, it's just the access rules I'm confused on. For the "interfaces cannot talk to each other" part, do I do it in the LAN zone configuration with the "Allow interface trust" turned off? If so, can I still add an allow rule for the two devices on X0? Or do I add a whole pile of deny rules denying every combination of interfaces? Or is there some other easier way to do this?

I know how to do the allow rule to the static addresses, it's just how I set up the "deny everything to each other" but still allow a couple of specific devices between two interfaces.

Thanks, John S.

Category: Entry Level Firewalls

Best Answer

  • Arkwright Community Legend ✭✭✭✭✭

    The most straightforward way to do this would be to create a new zone for each one and put them all in their own zone. Create access rules to allow the traffic you want. No rule = no traffic allowed.

    Yes, you could achieve what you want by leaving them all in the LAN zone and creating the appropriate rules, but going against the "spirit" of zones creates more work for yourself for no benefit.
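
The zone-per-interface layout from the answer above, as an added Python model (not SonicOS configuration and not part of the original thread): it evaluates an allow-only rule set with "no rule = no traffic" and flags any inter-LAN rule wider than the two X4 to X0 host exceptions. Zone names, subnets and host addresses are constructed assumptions.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed addressing: one custom zone per interface (names, subnets, hosts are assumptions).
ZONES = {
    "X0_ZONE": ipaddress.ip_network("192.168.10.0/24"),
    "X2_ZONE": ipaddress.ip_network("192.168.20.0/24"),
    "X3_ZONE": ipaddress.ip_network("192.168.30.0/24"),
    "X4_ZONE": ipaddress.ip_network("192.168.40.0/24"),
    "X5_ZONE": ipaddress.ip_network("192.168.50.0/24"),
}
SERVER = ipaddress.ip_network("192.168.10.10/32")
PRINTER = ipaddress.ip_network("192.168.10.20/32")

# Allow rules only: (source zone, destination zone, destination network).
# Every zone may reach WAN; X4 may reach exactly two static hosts on X0.
RULES = [(z, "WAN", ANY) for z in ZONES] + [
    ("X4_ZONE", "X0_ZONE", SERVER),
    ("X4_ZONE", "X0_ZONE", PRINTER),
]

def zone_of(ip):
    """Map an address to its zone; anything outside the internal subnets is WAN."""
    return next((name for name, net in ZONES.items() if ip in net), "WAN")

def allowed(src, dst, rules=RULES):
    """True if an allow rule matches a new connection; no match means it is dropped.
    Return traffic of established connections and same-subnet traffic (which never
    crosses the firewall) are outside this model."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    sz, dz = zone_of(s), zone_of(d)
    return any(rz == sz and rdz == dz and d in net for rz, rdz, net in rules)

def audit(rules=RULES):
    """Return inter-LAN allow rules wider than the two intended host exceptions."""
    ok = {("X4_ZONE", "X0_ZONE", SERVER), ("X4_ZONE", "X0_ZONE", PRINTER)}
    return [r for r in rules if r[1] != "WAN" and r not in ok]

if __name__ == "__main__":
    print(allowed("192.168.40.7", "192.168.10.20"))  # X4 client to printer
    print(allowed("192.168.30.5", "192.168.10.10"))  # X3 client to server
    print(audit(RULES + [("X4_ZONE", "X0_ZONE", ZONES["X0_ZONE"])]))
```

The last call shows the audit catching a rule written against the whole X0 subnet instead of the two host objects.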
