Channel: ZyXEL forum - dslreports.com

Zyxel USG20 + Netgear Managed Switch Configuration Help

Hello All - I have been reviewing the forums for the past few days trying to figure out what is wrong with my current configuration, but I am still having some issues, so I thought I would reach out to see if you guys could help. I have a fairly basic setup that I am trying to achieve and I have things *mostly* working.

What I am trying to do is allow inter-VLAN communication between my internal subnets (this works), with the exception of the DMZ subnet, which I want to control via FW rules. Ideally, for traffic that needs to route between internal VLANs, the switch would provide the correct route without referencing the firewall. If traffic needs to flow from the DMZ to another internal network, it should go through the firewall. Also, if traffic needs to leave the network and go out to the internet, it should go through the firewall.

I have 3 distinct subnets defined within my network:

- LAN1, which corresponds to my wireless network (also the same subnet as the Zyxel firewall)
- LAN2, which corresponds to my wired network of servers, NAS, etc.
- LAN3, which corresponds to my 'DMZ', which would contain anything that needs to be publicly facing (web servers, remote access devices, etc.)

I have a Layer 2 Managed Switch where I have defined VLANs and a PVID for each subnet, but I am not doing tagging. The ports that are defined are passing untagged traffic. There is an IP interface for each subnet defined on the switch, which I am using as the default gateway for devices. The default route for the switch corresponds to my Zyxel firewall. On the Zyxel firewall, I have defined static routes for LAN2 and LAN3 which point back to the IP address of the LAN1 interface on the switch. I have defined all interfaces and zones accordingly on the Zyxel firewall.

The only issue I am having currently is that when the firewall is enabled, I cannot access anything in LAN3 (DMZ) from my internal LAN1, despite creating a FW rule that explicitly allows this traffic flow. If I attempt this access via LAN2, I am able to access it successfully.

As you can see from the attachment, LAN1 is plugged into ports P2 & P3 and the DMZ (LAN3) is plugged into port P5. Specifically, I have a wireless AP plugged into port P3, and port P2 is directly connected to my switch. Port P5 is also directly connected to my switch, but to a port that is only for LAN3 (untagged traffic).

I hope I have provided enough information and this makes sense to everyone. I appreciate any assistance you can provide! Thanks!!
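The routing layout described in the post (a switch holding an IP interface in every subnet and used as the hosts' gateway, a switch default route to the firewall, and firewall static routes for LAN2 and LAN3 pointing back at the switch's LAN1 address) is worth modelling, because which device a flow actually traverses depends entirely on the gateway each host uses. The Python path tracer below is an added example, not code from the post or from Zyxel or Netgear. Every address in it is constructed, since the post gives none, and the `lan1_gateway` parameter is something I introduced so the two gateway choices a LAN1 host could have (the switch's LAN1 interface, as the post describes, or the firewall itself) can be compared side by side. It traces the forward and return path of each flow and reports whether the firewall is on both directions, one, or neither; it models plain L3 forwarding only, not the firewall's rule evaluation or NAT.

```python
"""Path tracer for an L3-switch + firewall layout (constructed example)."""
import ipaddress
from typing import Dict, List, Optional, Tuple

IPAddr = ipaddress.IPv4Address


class Node:
    """A host, switch or firewall with connected interfaces and static routes."""

    def __init__(self, name: str, interfaces: List[str],
                 routes: List[Tuple[str, str]]) -> None:
        self.name = name
        # "ip/prefix" strings; ip_interface keeps both the address and its subnet
        self.interfaces = [ipaddress.ip_interface(i) for i in interfaces]
        # (destination network, next-hop ip), ordered longest prefix first
        self.routes = sorted(
            ((ipaddress.ip_network(n), ipaddress.ip_address(h)) for n, h in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def owns(self, addr: IPAddr) -> bool:
        return any(i.ip == addr for i in self.interfaces)

    def connected(self, addr: IPAddr) -> bool:
        return any(addr in i.network for i in self.interfaces)

    def next_hop(self, dst: IPAddr) -> Optional[IPAddr]:
        """None means dst is on a connected subnet and is delivered directly."""
        if self.connected(dst):
            return None
        for net, hop in self.routes:
            if dst in net:
                return hop
        raise LookupError(f"{self.name}: no route to {dst}")


class Topology:
    def __init__(self, nodes: List[Node]) -> None:
        self.nodes = nodes

    def owner(self, addr: IPAddr) -> Node:
        for n in self.nodes:
            if n.owns(addr):
                return n
        raise LookupError(f"no node owns {addr}")

    def trace(self, src: Node, dst: IPAddr, max_hops: int = 8) -> List[str]:
        """Names of the nodes a packet from src to dst passes through."""
        path, node = [src.name], src
        for _ in range(max_hops):
            hop = node.next_hop(dst)
            node = self.owner(dst if hop is None else hop)
            path.append(node.name)
            if hop is None:
                return path
        raise RuntimeError("routing loop or too many hops")

    def firewall_view(self, a: Node, b: Node, fw: str = "firewall") -> Dict[str, object]:
        """Forward and return path between two single-homed hosts, and
        whether the node named `fw` sits on both, one or neither direction."""
        fwd = self.trace(a, b.interfaces[0].ip)
        rev = self.trace(b, a.interfaces[0].ip)
        seen = (fw in fwd) + (fw in rev)
        verdict = {0: "neither", 1: "one direction", 2: "both"}[seen]
        return {"forward": fwd, "return": rev, "firewall_sees": verdict}


def build_topology(lan1_gateway: str) -> Tuple[Topology, Dict[str, Node]]:
    """Constructed addressing; lan1_gateway is the LAN1 hosts' default gateway."""
    switch = Node("switch",
                  ["192.168.1.2/24", "192.168.2.1/24", "192.168.3.1/24"],
                  [("0.0.0.0/0", "192.168.1.1")])        # default route -> firewall
    firewall = Node("firewall", ["192.168.1.1/24", "203.0.113.2/24"],
                    [("192.168.2.0/24", "192.168.1.2"),   # static routes back to the
                     ("192.168.3.0/24", "192.168.1.2"),   # switch's LAN1 interface
                     ("0.0.0.0/0", "203.0.113.1")])      # upstream (constructed)
    upstream = Node("upstream", ["203.0.113.1/24", "198.51.100.1/24"],
                    [("192.168.0.0/16", "203.0.113.2")])  # stand-in for the return path
    nodes = [
        switch, firewall, upstream,
        Node("lan1-host", ["192.168.1.50/24"], [("0.0.0.0/0", lan1_gateway)]),
        Node("lan2-host", ["192.168.2.50/24"], [("0.0.0.0/0", "192.168.2.1")]),
        Node("dmz-host", ["192.168.3.50/24"], [("0.0.0.0/0", "192.168.3.1")]),
        Node("internet-host", ["198.51.100.9/24"], [("0.0.0.0/0", "198.51.100.1")]),
    ]
    return Topology(nodes), {n.name: n for n in nodes}


if __name__ == "__main__":
    for label, gw in (("switch as LAN1 gateway", "192.168.1.2"),
                      ("firewall as LAN1 gateway", "192.168.1.1")):
        top, n = build_topology(gw)
        print(f"== {label} ==")
        for src, dst in (("lan1-host", "dmz-host"), ("lan2-host", "dmz-host"),
                         ("lan1-host", "internet-host")):
            r = top.firewall_view(n[src], n[dst])
            print(f"{src} -> {dst}: firewall sees {r['firewall_sees']}")
            print(f"   fwd {' > '.join(r['forward'])}\n   ret {' > '.join(r['return'])}")
```

Running it shows the consequence of the layout the post describes: with the switch as the LAN1 gateway, LAN1-to-DMZ and LAN2-to-DMZ traffic is routed by the switch in both directions and never reaches the firewall, so a firewall rule for that flow is not consulted at all; with the firewall as the LAN1 gateway instead, only the forward direction passes through the firewall (it hairpins to the switch over the same LAN1 interface) while the DMZ host's replies are delivered by the switch straight to LAN1, which is the asymmetric-routing shape a stateful firewall struggles with. Internet-bound traffic traverses the firewall in both directions in either case. The attachment the post refers to is not reproduced here, so which case applies to the poster's hosts is not something the model can decide.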
