Teltonika Networks Wiki

Changes

VLAN Inter-Zone accessibility control configuration example (view source)

Revision as of 14:42, 2 August 2023

674 bytes added ,  14:42, 2 August 2023
no edit summary
Line 1: Line 1:  +
<p style="color:red">The information in this page is updated in accordance with firmware version '''[https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads 00.07.03]'''.
 +
 
==Introduction==
 
==Introduction==
   Line 18: Line 20:     
==VLAN to VLAN communication with one firewall zone==
 
==VLAN to VLAN communication with one firewall zone==
 +
 +
Once VLANs are created - they lay under one firewall zone, here is a Topology of the network and the zone which covers all 3 of VLANs:
 +
 +
[[File:Topo one zone vlans.jpg|600px|border|class=tlt-border]]
    
Initially, when we create VLAN interfaces, all VLANs are able to communicate with each other, for example pinging from lan to lan2:
 
Initially, when we create VLAN interfaces, all VLANs are able to communicate with each other, for example pinging from lan to lan2:
Line 33: Line 39:  
==VLAN to VLAN communication with inter-zone forwarding==
 
==VLAN to VLAN communication with inter-zone forwarding==
   −
In order to get more control over VLANs, an '''inter-zone''' forwarding functionality should be used. To start with, we will need to create new firewall zones: LAN1, LAN2 and LAN3. To add new zones, navigate to '''Network -> Firewall -> General Settings'''. In the Zones section, press ADD button to add a new zone.
+
In order to get more control over VLANs, an '''inter-zone''' forwarding functionality should be used. Here is a network topology with firewall zones and an explanation.
 +
 
 +
[[File:3zonetopology.png|600px|border|class=tlt-border]]
 +
 
 +
To start with, we will need to create new firewall zones: LAN1, LAN2 and LAN3. To add new zones, navigate to '''Network -> Firewall -> General Settings'''. In the Zones section, press ADD button to add a new zone.
    
[[File:Addnewfwzone1.png|border|1000px|class=tlt-border|]]
 
[[File:Addnewfwzone1.png|border|1000px|class=tlt-border|]]
Line 45: Line 55:  
* Covered networks: lan
 
* Covered networks: lan
   −
'''Note''': We set up Input and Output zone settings as Accept, this allows traffic to leave and reach this zone. Forward: Reject acts as a default policy - we modify this one via Inter-zone forwarding section.
+
'''Note''': By setting the Input and Output zones to '''Accept''' traffic is allowed to enter and leave the zone. '''Forward: Reject''' blocks communication between zones - this is a default policy. '''Inter-zone forwarding''' section can be used to modify the default behavior of the Forward zone and allow communication between zones.
    
[[File:Lan1zonesettings.png|border|class=tlt-border|]]
 
[[File:Lan1zonesettings.png|border|class=tlt-border|]]
Line 119: Line 129:     
Using these examples as a base, you can allow / reject VLAN to VLAN communication between different VLANs according to your needs.
 
Using these examples as a base, you can allow / reject VLAN to VLAN communication between different VLANs according to your needs.
 +
[[Category:Router control and monitoring]]
Retrieved from "https://wiki.teltonika-networks.com/view/Special:MobileDiff/100428...109621"