VLAN Inter-Zone accessibility control configuration example: Difference between revisions
Justas.Cip (talk | contribs) No edit summary |
Justas.Cip (talk | contribs) No edit summary |
||
Line 3: | Line 3: | ||
In this example we will show how to manage VLAN to VLAN communication with either '''one''' firewall zone or '''multiple''' firewall zones. | In this example we will show how to manage VLAN to VLAN communication with either '''one''' firewall zone or '''multiple''' firewall zones. | ||
If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on '''"Advanced WebUI"''' mode. You can do that by | If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on '''"Advanced WebUI"''' mode. You can do that by clicking the '''"Basic"''' button under '''"Mode"''' which is located at the top-right corner of the WebUI. | ||
[[File:Basic WebUI Advanced.gif|border|class=tlt-border|1004x1004px]] | [[File:Basic WebUI Advanced.gif|border|class=tlt-border|1004x1004px]] | ||
Line 18: | Line 18: | ||
==VLAN to VLAN communication with one firewall zone== | ==VLAN to VLAN communication with one firewall zone== | ||
Initially, when we create VLAN interfaces, all VLANs are able to communicate with each other, for example pinging from lan to lan2: | |||
[[File:Allowlan1tolan2pingoriginal.png|border|class=tlt-border|]] | |||
To disable VLAN to VLAN communication, navigate to '''Network -> Firewall -> General Settings'''. Press '''Edit''' on the '''LAN''' zone (lan -> wan), click on '''Forward''' and select '''Drop or Reject'''. Make sure that all created LAN‘s are added in the Covered networks tab: | |||
[[File:Disablevlantovlandefault.png|border|class=tlt-border|]] | |||
Now if we try to reach lan2 from lan, here's what happens: | |||
[[File:Hereswhathappens.png|border|class=tlt-border|]] |
Revision as of 11:33, 14 December 2022
Main Page > General Information > Configuration Examples > Router control and monitoring > VLAN Inter-Zone accessibility control configuration exampleIntroduction
In this example we will show how to manage VLAN to VLAN communication with either one firewall zone or multiple firewall zones.
If you're having trouble finding any page or some of the parameters described here on your device's WebUI, you should turn on "Advanced WebUI" mode. You can do that by clicking the "Basic" button under "Mode" which is located at the top-right corner of the WebUI.
Setting up VLANs
In this example, we are assuming that the VLANs are already set up, we will configure the firewall accordingly. If you need information on how to create VLANs on your device please refer to this artice: VLAN set up. For this article we have 3 separate VLANs created:
- lan | IP 192.168.1.1/24
- lan2 | IP 192.168.2.1/24
- lan3 | IP 192.168.3.1/24
Created VLANs in the WebUI should look similar to this:
VLAN to VLAN communication with one firewall zone
Initially, when we create VLAN interfaces, all VLANs are able to communicate with each other, for example pinging from lan to lan2:
To disable VLAN to VLAN communication, navigate to Network -> Firewall -> General Settings. Press Edit on the LAN zone (lan -> wan), click on Forward and select Drop or Reject. Make sure that all created LAN‘s are added in the Covered networks tab:
Now if we try to reach lan2 from lan, here's what happens: