lan to lan rule with sonicwall pro2040 enhanced

Hello,
I had a question about a LAN to LAN rule. I have two PCs sitting on my internal network attached to the same Cisco switch. My main SonicWall Pro2040 is attached to that Cisco switch as well, giving everyone internet access. I would like to keep PC A from accessing PC B in any way. Would a LAN to LAN access rule do this for me, or do those two PCs even go to the firewall when they are trying to communicate with each other on our internal network? I am guessing that LAN to LAN rules are for certain servers, etc. that are connected to the additional 'x' ports on the firewall? Any help would be appreciated. Thanks
0 Votes
christianshiflet

Is it that you want every computer on the LAN isolated or that there are a few groups that should be able to talk amongst themselves but not to every LAN member? If it is the latter, it would seem like VLANs are what you really want to set up. Depending on what capabilities your switch has, that is where you would set them up.

As for the router rules, the switch is unlikely to forward LAN traffic to the router if both sender and recipient are on the same network. I suppose you could make each IP its own network limited by subnet mask to force them to route to the default gateway and try to block it from the router that way, but I have never had the need to do so.

Let me know if this helps or you have other questions. Thanks.

0 Votes
NetMan1958

Depending on the model of Cisco switch you are using, you can configure a VACL (VLAN ACL) on the switch to filter traffic between hosts on the same VLAN/subnet.
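
As an added example (not from the thread and not the poster's own configuration): a VACL of the kind described in the reply above, in Catalyst IOS syntax, blocking IP traffic between two hosts in the same VLAN. The host addresses 192.168.1.10 and 192.168.1.20, the ACL and map names, and VLAN 1 are assumptions, and the switch must be a model that supports VLAN maps.

```cisco
! Constructed example: addresses, names and VLAN number are assumptions.
! Match IP traffic between PC A and PC B in either direction.
ip access-list extended PCA-PCB
 permit ip host 192.168.1.10 host 192.168.1.20
 permit ip host 192.168.1.20 host 192.168.1.10
!
! Sequence 10: drop whatever the ACL above matches.
! ("permit" in the ACL means "match"; the map's action decides the outcome.)
vlan access-map ISOLATE-PCS 10
 match ip address PCA-PCB
 action drop
!
! Sequence 20: no match clause, so all other traffic in the VLAN is forwarded.
vlan access-map ISOLATE-PCS 20
 action forward
!
! Apply the map to the VLAN both PCs sit in.
vlan filter ISOLATE-PCS vlan-list 1
```

`show vlan access-map` and `show vlan filter` confirm what is applied. Without the final forwarding entry, all other IP traffic in the VLAN would be dropped as well, since a map with an IP match clause drops unmatched IP packets by default.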

0 Votes

I figured that VLANs were the way to go. Does the router need to have VLAN capability, or just the switches that the PCs sit on? Thanks

0 Votes
NetMan1958

VACLs are configured on the switch but not all models of Cisco switches support them. What model is your switch? Another option that might work if your switch doesn't support VACLs is PACLs (port access control lists). Are the PCs you want to prevent communicating with each other on the same subnet or different subnets? If they are on different subnets then a router ACL will do the trick.

0 Votes

On the same subnet. Which is why I figured that if PC A tried to communicate with PC B it wouldn't even hit the firewall because they are on the same switch and same subnet. I haven't worked with VLANs before, but this switch does support VLANs. I just didn't know if the router had to support VLANs as well. I will study up on VLAN configs and go that route. Thanks for the help.

0 Votes
christianshiflet

You should be okay. The port that connects the switch to the router just needs to be set up on the switch as a trunk for all established VLANs. As an aside, though, the SonicWall Pro2040 does support VLANs with its enhanced OS and firmware 4.X. Earlier versions of the firmware do not support VLANs.