
Understanding Zones LAN

Hi all

So I would need some refreshing in terms of zones on an XG Firewall.

I have a couple of questions that simply don't get into my head:

1. I have a LAN interface that our core switch routes traffic to. Behind that I have about 5 subnets, all routed via the core switch to the firewall's LAN interface. Does that mean those subnets are in the LAN zone although the interface is not in the same network?

2. Does Any or LAN or WAN really count in a rule when you define sources and destinations?

3. I don't have any LAN to LAN rule, but traffic flows between the networks sitting behind the LAN interface, where traffic is routed to by the core switch. Why is this possible?

Regards and thanks!

Matt



  • Zones are basically another way of using interfaces and everything behind an interface. If you use a zone, it will include everything coming from this interface.
    If you use the LAN zone, it will include all incoming traffic from this particular interface.
    It's a quick and simple solution to move away from IP notation (192.168.0.0/24 and 192.168.1.0/24 become LAN).

    If you specify a certain host, it only applies after the zone is fetched. For example, if you specify 8.8.8.8 as a host and put it into LAN, it will never apply, as LAN usually does not generate traffic coming from 8.8.8.8.

    LAN to LAN is only needed if the traffic travels through XG.

    As you have a core switch, I assume this box will take care of inter-LAN traffic. That traffic will not get to XG.

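The reply above makes three points: a zone is derived from the interface a flow enters or leaves on (so a routed subnet behind the LAN port is still LAN), host objects are only checked once the zones already match (so 8.8.8.8 as a LAN source is a dead rule), and a core switch that routes between its own subnets keeps that traffic away from the firewall entirely. The following Python model is an added example written for this page, not Sophos code and not how XG is implemented internally; the interface names, addresses, routes and rule names are constructed for the illustration.

```python
"""Toy model of zone-based rule matching on a routed LAN (added example, not Sophos code)."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional

# Constructed topology; none of these names or addresses come from the thread.
# Firewall interfaces: name -> (zone, directly connected network)
FW_INTERFACES: dict[str, tuple[str, IPv4Network]] = {
    "Port1": ("LAN", ip_network("10.0.0.0/30")),      # transit link to the core switch
    "Port2": ("WAN", ip_network("203.0.113.0/29")),   # upstream
}

# Firewall static routes: the inner subnets sit behind the core switch on Port1.
FW_ROUTES: list[tuple[IPv4Network, str]] = [
    (ip_network("10.1.0.0/24"), "Port1"),
    (ip_network("10.2.0.0/24"), "Port1"),
    (ip_network("10.3.0.0/24"), "Port1"),
    (ip_network("0.0.0.0/0"), "Port2"),
]

# Core switch: SVIs for the inner subnets, default route towards the firewall.
CORE_CONNECTED: list[IPv4Network] = [
    ip_network("10.1.0.0/24"), ip_network("10.2.0.0/24"), ip_network("10.3.0.0/24"),
]


@dataclass(frozen=True)
class Rule:
    name: str
    src_zones: frozenset[str]
    dst_zones: frozenset[str]
    action: str
    src_hosts: Optional[tuple[IPv4Network, ...]] = None  # None means Any
    dst_hosts: Optional[tuple[IPv4Network, ...]] = None


RULES: list[Rule] = [
    # Dead rule: 8.8.8.8 never arrives on a LAN interface, so the zone check fails first.
    Rule("Bogus-8.8.8.8-as-LAN-source", frozenset({"LAN"}), frozenset({"WAN"}), "allow",
         src_hosts=(ip_network("8.8.8.8/32"),)),
    Rule("LAN-to-WAN", frozenset({"LAN"}), frozenset({"WAN"}), "allow"),
    # Deliberately no LAN-to-LAN rule: inter-subnet traffic never reaches the firewall.
]


def _ip(addr: str | IPv4Address) -> IPv4Address:
    return ip_address(addr) if isinstance(addr, str) else addr


def route_lookup(dst: str | IPv4Address) -> str:
    """Longest-prefix match over connected networks and static routes; returns an interface."""
    dst = _ip(dst)
    candidates = [(net.prefixlen, iface) for iface, (_, net) in FW_INTERFACES.items() if dst in net]
    candidates += [(net.prefixlen, iface) for net, iface in FW_ROUTES if dst in net]
    return max(candidates)[1]


def zone_for_address(addr: str | IPv4Address) -> str:
    """Zone of the interface the route to this address uses.

    For a destination that is the egress interface; for a source it is the interface the
    packet arrives on (reverse-path view). A routed subnet behind Port1 is therefore LAN
    even though Port1 itself is not in that subnet.
    """
    return FW_INTERFACES[route_lookup(addr)][0]


def _in_any(addr: IPv4Address, nets: Optional[tuple[IPv4Network, ...]]) -> bool:
    return nets is None or any(addr in n for n in nets)


def matches(rule: Rule, src: IPv4Address, dst: IPv4Address) -> bool:
    """Zones are matched first; host/network objects only narrow within those zones."""
    if zone_for_address(src) not in rule.src_zones or zone_for_address(dst) not in rule.dst_zones:
        return False
    return _in_any(src, rule.src_hosts) and _in_any(dst, rule.dst_hosts)


def handled_by_core_switch(src: IPv4Address, dst: IPv4Address) -> bool:
    """The core switch routes between its own subnets itself; that traffic never goes up."""
    local = lambda a: any(a in net for net in CORE_CONNECTED)
    return local(src) and local(dst)


def evaluate(src_s: str, dst_s: str, rules: list[Rule] = RULES) -> str:
    """Return 'switched-locally', a matching rule's action, or 'drop' (implicit default)."""
    src, dst = ip_address(src_s), ip_address(dst_s)
    if handled_by_core_switch(src, dst):
        return "switched-locally"
    for rule in rules:
        if matches(rule, src, dst):
            return rule.action
    return "drop"


def dead_rules(rules: list[Rule] = RULES) -> list[str]:
    """Lint: a host object whose zone is not among the rule's zones on that side can never match."""
    dead = []
    for r in rules:
        src_bad = any(zone_for_address(n.network_address) not in r.src_zones for n in r.src_hosts or ())
        dst_bad = any(zone_for_address(n.network_address) not in r.dst_zones for n in r.dst_hosts or ())
        if src_bad or dst_bad:
            dead.append(r.name)
    return dead


if __name__ == "__main__":
    print(zone_for_address("10.2.0.7"))          # LAN: routed subnet behind Port1
    print(evaluate("10.1.0.5", "10.2.0.7"))      # switched-locally: XG never sees it
    print(evaluate("10.1.0.5", "1.1.1.1"))       # allow via LAN-to-WAN
    print(evaluate("8.8.8.8", "10.1.0.5"))       # drop: arrives on WAN, no WAN-to-LAN rule
    print(dead_rules())                          # the 8.8.8.8-as-LAN-source rule
```

The `dead_rules` check is the practical takeaway: when auditing a rule base, any host or network object whose address would be routed out of a different zone than the rule names is unreachable by construction, and the rule is either a mistake or a leftover. Remember that the model only reflects the core-switch design in the thread; if the inner subnets were instead connected directly to the firewall, or the core switch pointed a subnet's route back at the firewall, that inter-subnet traffic would traverse XG and need an explicit LAN-to-LAN rule.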
