VLAN Inter-Zone accessibility control configuration example: Difference between revisions

← Older edit

VisualWikitext

@@ Line 1: / Line 1: @@
-<p style="color:red">The information in this page is updated in accordance with firmware version '''[https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads 00.07.09.01]'''.
+<p style="color:red">The information on this page is updated in accordance with firmware version '''[https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads 00.07.13.1]'''.
 ==Introduction==
 In this example we will show how to manage VLAN to VLAN communication with either '''one''' firewall zone or '''multiple''' firewall zones.
-If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on '''"Advanced WebUI"''' mode. You can do that by clicking the '''"Advanced"''' button which is located at the top-right corner of the WebUI.
-[[File:Networking rutos manual webui basic advanced mode 75.gif|border|class=tlt-border|1004x1004px]]
 ==Setting up VLANs==
-In this example, we are assuming that the VLANs are already set up, we will configure the firewall accordingly. If you need information on how to create VLANs on your device please refer to this artice: [[VLAN_Set_Up|VLAN set up]]. For this article we have 3 separate VLANs created:
+In this example, we are assuming that the VLANs are already set up; we will configure the firewall accordingly. If you need information on how to create VLANs on your device, please refer to this article: [[VLAN_Set_Up|VLAN set up]]. For this article, we have 3 separate VLANs created:
 *lan  | IP 192.168.1.1/24
 *lan2 | IP 192.168.2.1/24
@@ Line 29: / Line 26: @@
 [[File:Allowlan1tolan2pingoriginal.png|border|class=tlt-border|]]
-To disable VLAN to VLAN communication, navigate to '''Network -> Firewall -> General Settings'''. Press '''Edit''' on the '''LAN''' zone (lan -> wan).
+To disable VLAN to VLAN communication, navigate to '''Network -> Firewall -> Zones'''. Press '''Edit''' on the '''LAN''' zone (lan => wan).
-[[File:Lan zone edit.png|border|1100px|class=tlt-border|]]
+[[File:Editfwzonev2.png|border|1100x1100px]]
-Click on '''Forward''' and select '''Drop or Reject'''. Make sure that all created VLANs are added in the Covered networks tab:
+Click on '''Intra zone forward''' and select '''Drop or Reject'''. Make sure that all created VLANs are added in the Covered networks tab:
-[[File:Disablevlantovlandefaultv2.png|border|class=tlt-border|]]
+[[File:Disablevlan2vlandefaultv3.png|border]]
 Now if we try to reach lan2 from lan, the devices are not able to communicate:
@@ Line 47: / Line 44: @@
 [[File:3zonetopology.png|600px|border|class=tlt-border]]
-To start with, we will need to create new firewall zones: LAN1, LAN2 and LAN3. To add new zones, navigate to '''Network -> Firewall -> General Settings'''. In the Zones section, press [[File:Add Button.png|60x90px]] to add a new zone.
+To start with, we will need to create new firewall zones: LAN1, LAN2 and LAN3. To add new zones, navigate to '''Network -> Firewall -> Zones'''. In the Zones section, press [[File:Add Button.png|60x90px]] to add a new zone.
-[[File:Addnewfwzone1v1.png|border|1100px|class=tlt-border|]]
+[[File:Addnewfwzone1v2.png|border|1100x1100px]]
 A new window will open, there configure the settings according to the points below and press [[File:Save & Apply.png|100x30px]].:
@@ Line 55: / Line 52: @@
 <tr>
 <th width=400; style="border-bottom: 1px solid white;></th>
-<th width=600; style="border-bottom: 1px solid white"; rowspan=2>[[File:Lan1zonesettingsv2.png|border|class=tlt-border|right]]</th>
+<th width=600; style="border-bottom: 1px solid white"; rowspan=2>[[File:Interzonecreationv3.png|border|right]]</th>
 </tr>
 <tr>
@@ Line 62: / Line 59: @@
 # Input: '''Accept'''
 # Output: '''Accept'''
-# Forward: '''Reject'''
+# Intra zone forward: '''Reject'''
 # Covered networks: '''lan'''
 </td>
 </tr>
 </table>
-'''Note''': By setting the Input and Output zones to '''Accept''' traffic is allowed to enter and leave the zone. '''Forward: Reject''' blocks communication between zones - this is a default policy. '''Inter-zone forwarding''' section can be used to modify the default behavior of the Forward zone and allow communication between zones.
+'''Note''': By setting the Input and Output zones to '''Accept''' traffic is allowed to enter and leave the zone. '''Intra zone forward: Reject''' blocks communication between zones - this is a default policy. '''Inter-zone forwarding''' section can be used to modify the default behavior of the Forward zone and allow communication between zones.
 ----
@@ Line 78: / Line 75: @@
 * Input: '''Accept'''
 * Output: '''Accept'''
-* Forward: '''Reject'''
+* Intra zone forward: '''Reject'''
 * Covered networks: '''lan2'''
@@ Line 86: / Line 83: @@
 * Input: '''Accept'''
 * Output: '''Accept'''
-* Forward: '''Reject'''
+* Intra zone forward: '''Reject'''
 * Covered networks: '''lan3'''
@@ Line 96: / Line 93: @@
 ==Inter-zone forwarding use examples==
-To customize communication between VLANs, we will need to edit Inter-zone forwarding rules. Navigate back to the firewall settings ('''Network -> Firewall -> General settings''') and edit zones according to your needs.
+To customize communication between VLANs, we will need to edit Inter-zone forwarding rules. Navigate back to the firewall settings ('''Network -> Firewall -> Zones''') and edit zones according to your needs.
 ----
@@ Line 104: / Line 101: @@
 <tr>
 <th width=400; style="border-bottom: 1px solid white;></th>
-<th width=600; style="border-bottom: 1px solid white"; rowspan=2>[[File:Interzoneforwarding.png|border|class=tlt-border|right]]</th>
+<th width=600; style="border-bottom: 1px solid white"; rowspan=2>[[File:Intervlanzoneforwardv3.png|border|right]]</th>
 </tr>
 <tr>