Changes

no edit summary
Line 68: Line 68:     
[[File:Newlycreatedfirewallzones.png|border|1000px|class=tlt-border|]]
 
[[File:Newlycreatedfirewallzones.png|border|1000px|class=tlt-border|]]
 +
 +
Now, to attach these zones to the corresponding interfaces, we need to go back to the Network Interfaces tab ('''Network -> Interfaces -> General'''). Click edit on the lan zone and navigate to Firewall settings. In Create / Assign firewall-zone section, select lan1:
 +
 +
[[File:Interfacesfireewallsettings.png|border|class=tlt-border|]]
 +
 +
Follow these steps to attach the corresponding zone to the interfaces:
 +
* lan2 interface – firewall zone lan2
 +
* lan3 interface – firewall zone lan3
 +
 +
==Inter-zone forwarding use examples==
 +
 +
To customize communication between VLANs, we will need to edit Inter-zone forwarding rules. Navigate back to the firewall settings ('''Network -> Firewall -> General settings''') and edit zones according to your needs.
 +
 +
----
 +
 +
Example: lan1 wants to communicate only with lan2:
 +
* lan1 settings: allow forward to destination zones: lan2
 +
* lan1 settings: allow forward from source zones: lan2
 +
* No need to change settings for the lan2 zone
 +
 +
If lan1 to lan2 communication is allowed, zone settings should look like this:
 +
 +
[[File:2022-12-14 12-52 lan1 and lan2.png|border|class=tlt-border|]]
 +
 +
Testing the communication between lan1 and lan2:
 +
 +
[[File:2022-12-14 12-54 pings work.png|border|class=tlt-border|]]
 +
 +
----
 +
 +
If we try to reach lan3 from lan1, where the forwarding is not set, the result would be this:
 +
 +
[[File:2022-12-14 12-56 pings not work.png|border|class=tlt-border|]]
 +
 +
To reach lan3 from lan1, edit lan3 zone accordingly:
 +
* allow forward to destination zones: lan1
 +
* allow forward from source zones: lan1
 +
 +
Zone settings after these changes should look like this:
 +
 +
[[File:2022-12-14 12-57 zones after changes.png|border|class=tlt-border|]]
 +
 +
Now the communication between lan1 and lan3 works:
 +
 +
[[File:2022-12-14 12-59 pings go.png|border|class=tlt-border|]]
 +
 +
Basically, using these examples as a base, you can allow / reject VLAN to VLAN communication between different VLANs according to your needs.
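Review bot: the interface-attachment paragraph says "Click edit on the lan zone" while the reader is on Network -> Interfaces -> General, so it should name the interface rather than a zone, and it should say explicitly which interface is assigned to zone lan1. The bullet list that follows covers only lan2 and lan3, so a matching first bullet for the lan1 assignment would make the three mappings unambiguous. In the forwarding section, the first case is headed "Example: lan1 wants to communicate only with lan2", but the lan3 steps after the second rule line then open lan1 and lan3 to each other without their own "Example:" heading. Label that part as a separate example so a reader who wants lan1 isolated from lan3 does not apply both. Both examples set "allow forward to destination zones" and "allow forward from source zones" together and are verified only with ping. Please state whether both entries are required or whether one direction is enough when only one VLAN should initiate connections, since the closing sentence tells readers to use these examples as the base for allow / reject decisions.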
