Separate VLANs on a ZyWALL/USG
Guide:
1. Check if the VLANs are in the same zone
Scenario description:
When you have configured several VLANs which all belong to the same zone (for example LAN1), it is possible that the VLANs can communicate with each other, without configuring a route. Follow this step-by-step guide to prevent this.
Note:
The IP addresses which are used are only examples please use your own IP addresses.
- Check if the VLANs are in the same Zone
Go to Configuration > Object > Zone > System Default looks if two or more VLANs are in the same zone like this.
- Creating VLANs
Go to Configuration > Object > Address/Geo IP > Address. Now create for every VLAN an object. Click Add and give the rule a name (in this example VLAN10). Set Address Type to SUBNET and type in the VLANs IP address and mask. Repeat this step for ALL your VLANs.
- Set up the Policy Rule
Go to Configuration > Security Policy > Policy Control > IPv4 Configuration. Now set up the following steps: Click on Add and give the rule a name like VLAN_BLOCK or something.
As an example: To block the traffic between VLAN10 and VLAN20 set the source to the created VLAN10 and the destination to VLAN 20. The action of the rule is “deny”.
- Test the result
When you now try to ping a device from VLAN10 to VLAN20 the Policy Control has rejected it. When you go to Monitor > Log, you can see here that the access got blocked.
Comments
0 commentsPlease sign in to leave a comment.