Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 11530 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Compartmentalize vlans...

Greg Rogers

What is a good way to compartmentalize vlans from each other through the XG?

Say I have general lan (vlan1) and I don't want vlan1 to talk to vlan50, or vlan50 to talk to vlan60. 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Greg ,

    First, the VLAN routing must be done by XG otherwise you may need to manage that on the switch using access rules. 

    If Inter-VLAN routing is configured then you may use LAN to LAN rules and mention the specific rules e.g. Src_Zone:LAN ,Src_network:VLAN50, Dest_Zone:LAN,Dest_network VLAN 60 Action Accept

    You do not need to create a LAN to LAN rule with host mentioned as ANY. If you have created such rules then you may need to create a Reject rule specified earlier and position on the top of that rule. 

    By default, if the specified rules and mentioned the network/host not listed will be dropped by default.

Reply
  • 0

    Hi Greg ,

    First, the VLAN routing must be done by XG otherwise you may need to manage that on the switch using access rules. 

    If Inter-VLAN routing is configured then you may use LAN to LAN rules and mention the specific rules e.g. Src_Zone:LAN ,Src_network:VLAN50, Dest_Zone:LAN,Dest_network VLAN 60 Action Accept

    You do not need to create a LAN to LAN rule with host mentioned as ANY. If you have created such rules then you may need to create a Reject rule specified earlier and position on the top of that rule. 

    By default, if the specified rules and mentioned the network/host not listed will be dropped by default.

Children
No Data