lan to lan rule with sonicwall pro2040 enhanced

By rlynch@lockhartcadillac.
I had a question about a LAN to LAN rule. I have two PCs sitting on my internal network attached to the same Cisco switch. My main SonicWall Pro2040 is attached to that Cisco switch as well, giving everyone internet access. I would like to keep PC A from accessing PC B in any way. Would a LAN to LAN access rule do this for me, or do those two PCs even go to the firewall when they are trying to communicate with each other on our internal network? I am guessing that LAN to LAN rules are for certain servers, etc. that are connected to the additional 'x' ports on the firewall? Any help would be appreciated. Thanks


All Answers


Re: lan to lan

by christianshiflet In reply to lan to lan rule with soni ...

Is it that you want every computer on the LAN isolated or that there are a few groups that should be able to talk amongst themselves but not to every LAN member? If it is the latter, it would seem like VLANs are what you really want to set up. Depending on what capabilities your switch has, that is where you would set them up.

As for the router rules, the switch is unlikely to forward LAN traffic to the router if both sender and recipient are on the same network. I suppose you could make each IP its own network limited by subnet mask to force them to route to the default gateway and try to block it from the router that way, but I have never had the need to do so.

Let me know if this helps or you have other questions. Thanks.
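The forwarding decision described in this reply, as an added example that is not part of the original thread: a Python sketch of how each PC chooses between on-link delivery and its default gateway, and so which directions a rule on the gateway firewall can filter. The addresses, prefixes and function names are constructed for illustration, and the model assumes the gateway holds an address in each host's subnet.

```python
import ipaddress

def via_gateway(src_if: str, dst_if: str) -> bool:
    """True if the sender hands the packet to its default gateway.

    False means the destination falls inside the sender's own subnet,
    so the sender ARPs for the peer and the switch delivers the frame
    at layer 2 without the firewall ever seeing it.
    """
    src = ipaddress.ip_interface(src_if)
    dst = ipaddress.ip_interface(dst_if)
    return dst.ip not in src.network

def firewall_sees(a_if: str, b_if: str) -> str:
    """Report which directions between host A and host B cross the gateway."""
    a_to_b = via_gateway(a_if, b_if)
    b_to_a = via_gateway(b_if, a_if)
    if a_to_b and b_to_a:
        return "both"
    if a_to_b:
        return "a->b only"
    if b_to_a:
        return "b->a only"
    return "none"

# Constructed sample addressing (not taken from the thread).
SCENARIOS = {
    # Both PCs in one /24: the situation the question describes.
    "flat /24": ("192.168.1.10/24", "192.168.1.20/24"),
    # Only PC A re-addressed into its own small subnet.
    "A in /30, B in /24": ("192.168.1.10/30", "192.168.1.20/24"),
    # Each PC in its own /30, as the reply suggests.
    "A and B each in a /30": ("192.168.1.10/30", "192.168.1.22/30"),
}

if __name__ == "__main__":
    for name, (pc_a, pc_b) in SCENARIOS.items():
        print(f"{name:24} firewall sees: {firewall_sees(pc_a, pc_b)}")
```

In the asymmetric case only PC A's packets pass the firewall; PC B's frames to A are still switched directly, so the subnet-mask approach has to be applied to both hosts to put both directions in front of a firewall rule.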



by NetMan1958 In reply to lan to lan rule with soni ...

Depending on the model of Cisco switch you are using, you can configure a VACL (VLAN ACL) on the switch to filter traffic between hosts on the same VLAN/subnet.



by rlynch@lockhartcadillac. In reply to VACL

I figured that VLANs were the way to go. Does the router need to have VLAN capability, or just the switches that the PCs sit on? Thanks



by NetMan1958 In reply to thanks

VACLs are configured on the switch but not all models of Cisco switches support them. What model is your switch? Another option that might work if your switch doesn't support VACLs is PACLs (port access control lists). Are the PCs you want to prevent communicating with each other on the same subnet or different subnets? If they are on different subnets then a router ACL will do the trick.


they are

by rlynch@lockhartcadillac. In reply to VACLs

on the same subnet. Which is why I figured that if PC A tried to communicate with PC B it wouldn't even hit the firewall because they are on the same switch and same subnet. I haven't worked with VLANs before, but this switch does support VLANs. I just didn't know if the router had to support VLANs as well. I will study up on VLAN configs and go that route. Thanks for the help.



by christianshiflet In reply to they are

You should be okay. The port that connects the switch to the router just needs to be set up on the switch as a trunk for all established VLANs. As an aside, though, the SonicWall Pro2040 does support VLANs with its enhanced OS and firmware 4.X. Earlier versions of the firmware do not support VLANs.
