Separate VLANs on a ZyWALL/USG
When you have configured several VLANs that all belong to the same zone (for example LAN1), the VLANs can communicate with each other without any configured route. Follow this step-by-step guide to prevent this.
The IP addresses used here are only examples; use your own IP addresses.
- Check if the VLANs are in the same Zone
Go to Configuration > Object > Zone > System Default and check whether two or more VLANs are in the same zone, as in the example below.
- Create address objects for the VLANs
Go to Configuration > Object > Address/Geo IP > Address. Now create an object for every VLAN: click Add and give the object a name (in this example VLAN10). Set Address Type to SUBNET and enter the VLAN's IP address and mask. Repeat this step for ALL your VLANs.
- Set up the Policy Rule
Go to Configuration > Security Policy > Policy Control > IPv4 Configuration. Click Add and give the rule a name such as VLAN_BLOCK.
For example: to block the traffic between VLAN10 and VLAN20, set the source to the created VLAN10 object and the destination to VLAN20. Set the action of the rule to “deny”.
- Test the result
When you now try to ping a device in VLAN20 from VLAN10, Policy Control rejects it. Under Monitor > Log you can see that the access was blocked.
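As an added illustration (not Zyxel's code and not part of the original guide), the following Python script models the address objects and the deny rule above as a first-match policy table; the subnets are constructed placeholders. It shows two things worth checking on the firewall: the single VLAN10 to VLAN20 rule does not stop sessions started from VLAN20, and a broader allow rule placed above it means the deny never matches.

```python
# Added illustration (not Zyxel code): a minimal first-match policy evaluator
# modelling the address objects and the VLAN_BLOCK deny rule from the guide.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed example subnets; substitute your own VLAN ranges.
ADDRESS_OBJECTS = {
    "VLAN10": ip_network("192.168.10.0/24"),
    "VLAN20": ip_network("192.168.20.0/24"),
}


@dataclass(frozen=True)
class Rule:
    name: str
    source: Optional[str]       # address object name; None means "any"
    destination: Optional[str]  # address object name; None means "any"
    action: str                 # "allow" or "deny"


def _matches(obj_name: Optional[str], addr: str) -> bool:
    """True if the address is inside the named object (or the object is 'any')."""
    return obj_name is None or ip_address(addr) in ADDRESS_OBJECTS[obj_name]


def evaluate(rules, src_ip: str, dst_ip: str, default: str = "allow"):
    """Walk the policy table top to bottom and return (action, rule name)
    of the first rule matching the new session; fall back to the default
    (intra-zone traffic is allowed unless a rule says otherwise)."""
    for rule in rules:
        if _matches(rule.source, src_ip) and _matches(rule.destination, dst_ip):
            return rule.action, rule.name
    return default, "default"


# Exactly the rule from the guide: VLAN10 -> VLAN20 denied.
ONE_WAY = [Rule("VLAN_BLOCK", "VLAN10", "VLAN20", "deny")]
# One rule per direction, so neither VLAN can open a session to the other.
BOTH_WAYS = ONE_WAY + [Rule("VLAN_BLOCK_REV", "VLAN20", "VLAN10", "deny")]
# A broad allow rule ordered above the deny hides it completely.
ALLOW_FIRST = [Rule("LAN_ANY", None, None, "allow")] + ONE_WAY

if __name__ == "__main__":
    for label, rules in (("one-way", ONE_WAY), ("both-ways", BOTH_WAYS),
                         ("allow-first", ALLOW_FIRST)):
        print(label, evaluate(rules, "192.168.10.5", "192.168.20.7"),
              evaluate(rules, "192.168.20.7", "192.168.10.5"))
```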