Line 1: |
Line 1: |
| + | <p style="color:red">The information in this page is updated in accordance with firmware version '''[https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads 00.07.03]'''. |
| + | |
| ==Introduction== | | ==Introduction== |
| | | |
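Review bot: the added `<p style="color:red">` on the firmware notice line is never closed in the added text, so the red styling can run on into the Introduction section; end the sentence with `</p>`. The hard-coded version 00.07.03 in the same line will also go stale with each release, so consider the wiki's version template if one exists.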
Line 15: |
Line 17: |
| Created VLANs in the WebUI should look similar to this: | | Created VLANs in the WebUI should look similar to this: |
| | | |
− | [[File:3vlansforintervlan.png|border|class=tlt-border|]] | + | [[File:3vlansforintervlans.png|border|class=tlt-border]] |
| | | |
| ==VLAN to VLAN communication with one firewall zone== | | ==VLAN to VLAN communication with one firewall zone== |
| + | |
| + | Once VLANs are created - they lay under one firewall zone, here is a Topology of the network and the zone which covers all 3 of VLANs: |
| + | |
| + | [[File:Topo one zone vlans.jpg|600px|border|class=tlt-border]] |
| | | |
| Initially, when we create VLAN interfaces, all VLANs are able to communicate with each other, for example pinging from lan to lan2: | | Initially, when we create VLAN interfaces, all VLANs are able to communicate with each other, for example pinging from lan to lan2: |
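Review bot: the added sentence "Once VLANs are created - they lay under one firewall zone, here is a Topology..." is a run-on with a wrong verb form and a stray capital. Suggest: "Once the VLANs are created, they all belong to one firewall zone. The topology below shows the network and the zone that covers all 3 VLANs." The image rename to 3vlansforintervlans.png also needs a check that the file exists under that exact name.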
Line 33: |
Line 39: |
| ==VLAN to VLAN communication with inter-zone forwarding== | | ==VLAN to VLAN communication with inter-zone forwarding== |
| | | |
− | In order to get more control over VLANs, an '''inter-zone''' forwarding functionality should be used. To start with, we will need to create new firewall zones: LAN1, LAN2 and LAN3. To add new zones, navigate to '''Network -> Firewall -> General Settings'''. In the Zones section, press ADD button to add a new zone. | + | In order to get more control over VLANs, an '''inter-zone''' forwarding functionality should be used. Here is a network topology with firewall zones and an explanation. |
| + | |
| + | [[File:3zonetopology.png|600px|border|class=tlt-border]] |
| + | |
| + | To start with, we will need to create new firewall zones: LAN1, LAN2 and LAN3. To add new zones, navigate to '''Network -> Firewall -> General Settings'''. In the Zones section, press ADD button to add a new zone. |
| | | |
| [[File:Addnewfwzone1.png|border|1000px|class=tlt-border|]] | | [[File:Addnewfwzone1.png|border|1000px|class=tlt-border|]] |
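Review bot: the new sentence "Here is a network topology with firewall zones and an explanation." promises an explanation, but only the 3zonetopology.png image follows it; either add the explanatory text or drop "and an explanation". The retained sentence names the zones "LAN1, LAN2 and LAN3" while the zone settings elsewhere on the page use lowercase names such as "lan2", so pick one spelling.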
Line 44: |
Line 54: |
| * Forward: Reject | | * Forward: Reject |
| * Covered networks: lan | | * Covered networks: lan |
| + | |
| + | '''Note''': By setting the Input and Output zones to '''Accept''' traffic is allowed to enter and leave the zone. '''Forward: Reject''' blocks communication between zones - this is a default policy. '''Inter-zone forwarding''' section can be used to modify the default behavior of the Forward zone and allow communication between zones. |
| | | |
| [[File:Lan1zonesettings.png|border|class=tlt-border|]] | | [[File:Lan1zonesettings.png|border|class=tlt-border|]] |
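Review bot: the added Note calls Input, Output and Forward "zones" ("the Input and Output zones", "the Forward zone"), but in the list just above they are policies of a single zone (Forward: Reject); reword to "the zone's Input and Output policies" and "the Forward policy", and add the missing comma after "Accept". It would also help to state whether Input: Accept includes traffic addressed to the router itself from that VLAN, since that decides how much of the router each VLAN can reach.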
Line 49: |
Line 61: |
| ---- | | ---- |
| | | |
− | Follow the same steps to create Firewall Zones lan2 and lan3. Lan2 zone settings: | + | Follow the same steps to create Firewall Zones '''lan2''' and '''lan3'''. '''Lan2''' zone settings: |
| | | |
| * Name: lan2 | | * Name: lan2 |
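Review bot: the bolded "'''Lan2''' zone settings:" is capitalised, while the same line bolds "'''lan2'''" in lowercase and the bullet below gives "Name: lan2". Since zone names are entered verbatim in the WebUI, use lowercase "'''lan2'''" here as well.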
Line 57: |
Line 69: |
| * Covered networks: lan2 | | * Covered networks: lan2 |
| | | |
− | Lan3 zone settings: | + | '''Lan3''' zone settings: |
| | | |
| * Name: lan3 | | * Name: lan3 |
Line 85: |
Line 97: |
| ---- | | ---- |
| | | |
− | Example: lan1 wants to communicate only with lan2: | + | Example: '''lan1''' wants to communicate only with '''lan2''': |
| * lan1 settings: allow forward to destination zones: lan2 | | * lan1 settings: allow forward to destination zones: lan2 |
| * lan1 settings: allow forward from source zones: lan2 | | * lan1 settings: allow forward from source zones: lan2 |
| * No need to change settings for the lan2 zone | | * No need to change settings for the lan2 zone |
| | | |
− | If lan1 to lan2 communication is allowed, zone settings should look like this: | + | If '''lan1''' to '''lan2''' communication is allowed, zone settings should look like this: |
| | | |
| [[File:2022-12-14 12-52 lan1 and lan2.png|border|class=tlt-border|]] | | [[File:2022-12-14 12-52 lan1 and lan2.png|border|class=tlt-border|]] |
| | | |
− | Testing the communication between lan1 and lan2: | + | Testing the communication between '''lan1''' and '''lan2''': |
| | | |
| [[File:2022-12-14 12-54 pings work.png|border|class=tlt-border|]] | | [[File:2022-12-14 12-54 pings work.png|border|class=tlt-border|]] |
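Review bot: bold is now applied to lan1 and lan2 in the three sentences of this hunk, but the bullets between them ("lan1 settings: allow forward to destination zones: lan2", "No need to change settings for the lan2 zone") still show the names in plain text. Bold them in the bullets too, or leave the whole example plain, so readers do not take the two forms as different objects.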
Line 100: |
Line 112: |
| ---- | | ---- |
| | | |
− | If we try to reach lan3 from lan1, where the forwarding is not set, the result would be this: | + | If we try to reach '''lan3''' from '''lan1''', where the forwarding is not set, the result would be this: |
| | | |
| [[File:2022-12-14 12-56 pings not work.png|border|class=tlt-border|]] | | [[File:2022-12-14 12-56 pings not work.png|border|class=tlt-border|]] |
| | | |
− | To reach lan3 from lan1, edit lan3 zone accordingly: | + | To reach '''lan3''' from '''lan1''', edit '''lan3''' zone accordingly: |
| * allow forward to destination zones: lan1 | | * allow forward to destination zones: lan1 |
| * allow forward from source zones: lan1 | | * allow forward from source zones: lan1 |
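Review bot: the changed sentence "To reach lan3 from lan1, edit lan3 zone accordingly" describes one direction, but the two bullets under it allow forwarding both to and from lan1, so hosts in lan3 can also open connections into lan1. Say explicitly that the result is two-way, or state which single bullet is sufficient when only lan1-initiated access is wanted. The lan1/lan2 example edits the lan1 zone while this one edits lan3, and a sentence explaining that either side can carry the setting would remove the ambiguity.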
Line 112: |
Line 124: |
| [[File:2022-12-14 12-57 zones after changes.png|border|class=tlt-border|]] | | [[File:2022-12-14 12-57 zones after changes.png|border|class=tlt-border|]] |
| | | |
− | Now the communication between lan1 and lan3 works: | + | Now the communication between '''lan1''' and '''lan3''' works: |
| | | |
| [[File:2022-12-14 12-59 pings go.png|border|class=tlt-border|]] | | [[File:2022-12-14 12-59 pings go.png|border|class=tlt-border|]] |
| | | |
− | Basically, using these examples as a base, you can allow / reject VLAN to VLAN communication between different VLANs according to your needs.
| + | Using these examples as a base, you can allow / reject VLAN to VLAN communication between different VLANs according to your needs. |
| + | [[Category:Router control and monitoring]] |