
SonicOS VLANs and routing questions.

Hello, first of all I want to say hello to the whole community, since this is my first post.

I was asked to configure a SonicWall device, so first I installed the virtual appliance to figure out what I will face.

System Information:

Model: NSv Unlicensed

Product Code: 70000

Firmware Version: SonicOS Enhanced 6.5.4.4-44v-21-1519-9f66f06d

Safemode Version: SafeMode 6.5.0.0

ROM Version: SonicROM 5.0.0.0

I configured a few things, like timezone, host name, etc.

Then I moved on to the network config. DHCP for the WAN uplink, using a VMware bridge to the WAN port on my computer. Network tools say I have ping to Google, so it's OK now.

X1WAN Default LB Group

Then I moved on to the LAN, configured with a static IP:

X0 LAN 192.168.240.250 255.255.255.0 Static 10 Gbps Full Duplex Default LAN

and created a DHCP server lease scope:

Lease Detail #2

Type:   Dynamic

Range Start:   192.168.240.1

Range End:   192.168.240.249

Subnet:   255.255.255.0

Enabled:   Yes

Interface:   X0

Default Gateway:   192.168.240.250


Now I woke up a Linux VM and made a few tests:

dhclient eth0

provides me a dynamic IP from the FW pool, and ping to Google runs nicely.

192.168.240.243   devuan   2022-06-23 07:53:53   00:0C:29:70:57:26   VMWARE   Dynamic


Well, as per the requirements I have to learn how to deal with VLANs, so I investigated here:



So, the requirements are clear. I have to deal with 3 kinds of VLAN.

LAN access + WAN access.

LAN access, no WAN access.

WAN access, no LAN access.

  • VLAN 2 NO_LAN/WAN
  • VLAN 3 LAN/WAN
  • VLAN 99 LAN/NO_WAN

I used to use Mikrotik devices, and with subnets, VLANs, some routes and FW rules I managed to accomplish that. But I'm unable to accomplish it now with SonicWall.

I created the zones and the doubts assault me.

VLAN 99 is a trusted zone, right? Just LAN traffic.

VLAN 2 is an untrusted one... WAN traffic.

But is VLAN 3 the trusted or untrusted kind?

I need more info about zones and the manual is not clear to me. Let's move forward:


1   LAN   Trusted   X0   Enabled   Enabled   Enabled   Enabled   Enabled   Enabled

2   WAN   Untrusted   X1   Enabled   Enabled   Enabled   Enabled   Enabled

3   DMZ   Public   Enabled

4   VPN   Encrypted

5   SSLVPN   SSLVPN   Enabled

6   MULTICAST   Untrusted

7   Vlan 99 LAN/NO_WAN   Trusted   X0:V99   Enabled

8   Vlan 2 NO_LAN/WAN   Public   X0:V2   Enabled

9   VLAN3 LAN/WAN   Trusted   X0:V3   Enabled


Now I created the VLAN sub-interfaces and assigned the related zones:

   X0:V2   Vlan 2 NO_LAN/WAN   192.168.207.250   255.255.255.0   Static   VLAN Sub-Interface

   X0:V3   VLAN3  LAN/WAN   192.168.208.250   255.255.255.0   Static   VLAN Sub-Interface

   X0:V99   Vlan 99 LAN/NO_WAN   192.168.211.250   255.255.255.0   Static   VLAN Sub-Interface


and added a DHCP lease scope for it:


Dynamic   Range: 192.168.207.1 - 192.168.207.249   X0:V2


Now on the Linux box I cleared the lease on eth0,

dhclient eth0 -r

added the VLAN config for the WAN link on VLAN 2,

vconfig add eth0 2

cat /proc/net/vlan/config

eth0.2        | 2 | eth0


and ran dhclient on it:

dhclient eth0.2


and it dies without a lease. I tried to statically assign the IPs 192.168.207.252 and 192.168.207.245, one inside the DHCP range and one in the subnet but outside the range... nothing happens. No ping to the FW. Is it related to routes?

If I'm stuck making the VLANs... I can't imagine myself doing the other tasks..... o.0

Any help is always welcome

:D


PS: I really know my typing is more than ugly, but I don't use spell checkers, don't copy-paste from terminals and I don't re-read posts. Sorry in advance :D

Category: Virtual Firewall
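As an added example, not from the post or from SonicWall: a small Python model of the three VLAN zones described above. It derives the zone security type and the LAN/WAN access each zone needs from the stated requirements, and classifies the two test addresses against the X0:V2 subnet and DHCP scope. The values are the ones from the post; VLAN 3 and 99 are assumed to have no DHCP scope yet.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class VlanZone:
    """One VLAN sub-interface and the access the requirements grant it."""
    name: str
    vlan_id: int
    gateway: str                 # sub-interface address, e.g. "192.168.207.250/24"
    lan_access: bool
    wan_access: bool
    dhcp_range: Optional[Tuple[str, str]] = None   # (first, last) of the DHCP scope


# Constructed from the post's interface table and DHCP scope.
ZONES = [
    VlanZone("Vlan 2 NO_LAN/WAN", 2, "192.168.207.250/24", False, True,
             ("192.168.207.1", "192.168.207.249")),
    VlanZone("VLAN3 LAN/WAN", 3, "192.168.208.250/24", True, True),
    VlanZone("Vlan 99 LAN/NO_WAN", 99, "192.168.211.250/24", True, False),
]


def security_type(zone: VlanZone) -> str:
    """Trusted when the zone may reach the LAN, Public when it only reaches the WAN."""
    return "Trusted" if zone.lan_access else "Public"


def access_matrix(zones):
    """Zone-to-destination rules (allow/deny) implied by the requirements."""
    rules = {}
    for z in zones:
        rules[(z.name, "LAN")] = "allow" if z.lan_access else "deny"
        rules[(z.name, "WAN")] = "allow" if z.wan_access else "deny"
    return rules


def address_status(zone: VlanZone, host: str) -> str:
    """Classify a test address relative to the sub-interface subnet and DHCP scope."""
    ip = ipaddress.ip_address(host)
    iface = ipaddress.ip_interface(zone.gateway)
    if ip == iface.ip:
        return "gateway address"
    if ip not in iface.network:
        return "outside subnet"
    if zone.dhcp_range:
        lo, hi = (ipaddress.ip_address(a) for a in zone.dhcp_range)
        if lo <= ip <= hi:
            return "in subnet, inside DHCP scope"
    return "in subnet, outside DHCP scope"
```

Both test addresses land inside the X0:V2 subnet, so the missing ping is not an addressing mistake on the client side.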

Comments

  • TKWITS Community Legend ✭✭✭✭✭

    "VLAN 99 is a trusted zone, right? Just LAN traffic.

    VLAN 2 is an untrusted one... WAN traffic.

    But is VLAN 3 the trusted or untrusted kind?

    I need more info about zones and the manual is not clear to me"


    Read up on zone-based firewall concepts. "Trusted", "Public", etc. are set around what the traffic is considered. If you have an interface dedicated to a guest network (where anyone with wifi can connect), would you consider it "trusted" traffic? I wouldn't.

    VLANing in VM environments requires additional configuration in the environment. Without telling the environment about the VLANs, assigning a VLAN on the VM's NIC won't do squat (as you have discovered).
