Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


Need a separate internal network on TZ-500


I need to create a separate internal lan segment that has Internet access and DHCP. So I want it to not have access to anyone zones other than the WAN zone (so it can get internet access). Should I use a LAN zone as my zone type? I think I can create seperate DHCP address assignment for this zone (that is a non-used subnet). Once this is done, do I just assign this Zone to an unused interface (like X4 or X5) and write one access rule to give this Zone access to the WAN zone. Some quick steps would be helpful. Thanks

Category: Entry Level Firewalls


  • Options
    MarkDMarkD Cybersecurity Overlord ✭✭✭

    Depending on its use if you assign it the same LAN zone the default zone rules apply.

    If you assign this as a DMZ you have DMZ-WAN and LAN-DMZ but no DMZ to LAN without specific rules.

    you can create zones based on Trusted or Public and name them as you require.

    here's the KB article

  • Options
    DonDwildDonDwild Newbie ✭

    I just want this to be a separate internal lan segment with DHCP and Internet access.

  • Options
    LarryLarry All-Knowing Sage ✭✭✭✭

    The short answer to your original question is: Yes.

    Here's how I have my LAN and one of my LAB environments:

    You can then go to Access Rules to ensure isolation between your LAN and secondary environment.

Sign In or Register to comment.