Firewall - Accessing Switch/ISP router connected to WAN

This article shows how to access, from a LAN, a Switch that sits in front of the Firewall and isn't part of that LAN. Access is configured by adding the same VLAN to the WAN interface of the Firewall and to the Switch port in front of the Firewall [USG FLEX, ATP, VPN Series]. The management interface of the Switch, which is located in front of the Firewall, is then assigned an IP address from the created VLAN.

All settings in this article will be made on "Device1" and "Device2", as shown in the figure below. All other devices are present for illustrative purposes.

[Figure: network diagram with the Switch (Device1) in front of the Firewall (Device2)]

To access the Switch through the WAN, you need to configure a VLAN on the Firewall (Device2), and the same VLAN must be configured on the Switch (Device1) in front of the Firewall (Device2). The management interface of the Switch (Device1) must also be assigned an IP address from the created VLAN. Users on the local network can then access the Switch (Device1).

 

Firewall configuration
Switch configuration

Firewall configuration

In this step, we will create a VLAN on the Firewall (Device2).

Go to Configuration ⇾ Network ⇾ Interface ⇾ VLAN

1. Click "Add"

2. Set the checkbox "Enable Interface"

3. Set "general" in the "Interface Type" field

4. Set "VLAN10" in the "Interface Name" field (VLAN10 is taken as an example.)

5. Set "WAN" in the "Zone" field

6. Set "wan" in the "Base Port" field

7. Set "10" in the "VLAN ID" field

8. Set the necessary settings in the "IP Address Assignment" section. In our example, we have selected a specific range of issued addresses for our VLAN.

9. Click "OK"


Switch configuration

Note. Your Switch must support VLAN and static routing and must be able to assign an IP address from a specific VLAN to a management interface on your Switch. Typically, any Zyxel L2, L2+, or L3 Switch will support this, but we recommend you check this feature beforehand.

In the next step, we need to add the VLAN we created on our Firewall (Device2) to the Switch (Device1).

Go to Advanced Application ⇾ VLAN ⇾ VLAN Configuration


Click on "Click Here" in the "Static VLAN Setup" row


1. Set the checkbox "ACTIVE"

2. Set "VLAN10" in the "Name" field (VLAN10 is taken as an example)

3. Set "10" in the "VLAN Group ID" field (VLAN10 is taken as an example)

4. On the port to which your Firewall is connected, set the following settings:
   - Mark "Fixed" in the "Control" column
   - Mark "Tx Tagging" in the "Tagging" column
   - All other ports can be marked as "Forbidden"

5. Click "OK"


Now we need to assign a new IP address to the management interface of our Switch (Device1). This IP must be from our VLAN.

Go to Basic Settings ⇾ IP Setup ⇾ IP Configuration


Fill in all the necessary data in the "Management IP Addresses" block:

1. Set the "IP address" of your Switch (it can be any address from your VLAN)

2. Set "IP Subnet Mask" (It should be the mask of your VLAN)

3. Set "10" in the "VID" field (It should be the VID of your VLAN)

4. Set "Default Gateway" (It should be the IP address of your VLAN interface on the Firewall)

5. Click "Add"
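
A way to sanity-check the values for the "Management IP Addresses" block against the Firewall's VLAN interface before clicking "Add". This is an added example, not part of the original article; the function name, the sample addresses, and the assumption that the Firewall's VLAN interface has a static IPv4 address that serves as the Switch's default gateway are illustrative.

```python
import ipaddress

def check_mgmt_plan(fw_ip, fw_mask, fw_vid, sw_ip, sw_mask, sw_vid,
                    sw_gateway, dhcp_start=None, dhcp_end=None):
    """Compare the Switch management entry with the Firewall VLAN interface.

    Returns a list of problems; an empty list means the plan is consistent.
    Assumes the Firewall VLAN interface uses a static IPv4 address.
    """
    problems = []
    fw_if = ipaddress.ip_interface(f"{fw_ip}/{fw_mask}")
    net = fw_if.network
    sw = ipaddress.ip_address(sw_ip)
    gw = ipaddress.ip_address(sw_gateway)

    if sw_vid != fw_vid:
        problems.append(f"VID {sw_vid} does not match Firewall VLAN ID {fw_vid}")
    if ipaddress.ip_network(f"0.0.0.0/{sw_mask}").netmask != net.netmask:
        problems.append(f"mask {sw_mask} differs from the VLAN mask {net.netmask}")
    if sw not in net:
        problems.append(f"{sw} is outside the VLAN subnet {net}")
    elif sw in (net.network_address, net.broadcast_address):
        problems.append(f"{sw} is the network or broadcast address of {net}")
    if sw == fw_if.ip:
        problems.append(f"{sw} is already used by the Firewall VLAN interface")
    if gw != fw_if.ip:
        problems.append(f"gateway {gw} is not the Firewall VLAN IP {fw_if.ip}")
    if dhcp_start and dhcp_end:
        # An address inside the issued range could later be handed to another host.
        lo, hi = ipaddress.ip_address(dhcp_start), ipaddress.ip_address(dhcp_end)
        if lo <= sw <= hi:
            problems.append(f"{sw} lies inside the DHCP pool {lo}-{hi}")
    return problems

# Constructed sample values (not from the article): VLAN10 on 192.168.10.0/24.
FIREWALL = dict(fw_ip="192.168.10.1", fw_mask="255.255.255.0", fw_vid=10,
                dhcp_start="192.168.10.100", dhcp_end="192.168.10.200")

if __name__ == "__main__":
    good = check_mgmt_plan(sw_ip="192.168.10.2", sw_mask="255.255.255.0",
                           sw_vid=10, sw_gateway="192.168.10.1", **FIREWALL)
    bad = check_mgmt_plan(sw_ip="192.168.10.150", sw_mask="255.255.0.0",
                          sw_vid=1, sw_gateway="192.168.10.254", **FIREWALL)
    print("good plan:", good or "no problems")
    for p in bad:
        print("bad plan:", p)
```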
