New Feature                                               Need help? Try our Zyxel Search AI feature Try Now!

Firewall - Accessing Switch/ISP router connected to WAN ATP / USG FLEX Series icon

Avatar
Raphael
  • Updated

This article shows how to access from a LAN to a Switch in front of the Firewall that isn't part of that LAN. Access will be configured by adding the same VLAN to the WAN interface of the Firewall and Switch port in front of the Firewall [USG FLEX, ATP, VPN Series]. The control interface of the Switch, which is located in front of the Firewall, will be assigned an IP address from the created VLAN.

All settings in this article will be made on "Device1" and "Device2", as shown in the figure below. All other devices are present for illustrative purposes.

mceclip0.png

To access the Switch through the WAN, you need to configure a VLAN on the Firewall(Device2), and the same VLAN must be configured on the Switch(Device1) in front of the Firewall(Device2). Also, the Switch's management interface (Device1) should be assigned the IP of the created VLAN. Then users from the Local Network can access the Switch(Device1).

 

Firewall configuration
Switch configuration

Firewall configuration

In this step, we will create a VLAN on the Firewall(Device2).

Go to ConfigurationNetworkInterfaceVLAN

1. Click "Add"

2. Set the checkbox "Enable Interface"

3. Set "general" in the "Interface Type" field

4. Set "VLAN10" in the "Interface Name" field (VLAN10 is taken as an example.)

5. Set "WAN" in the "Zone" field

6. Set "wan" in the "Base Port" field

7. Set "10" in the "VLAN ID" field

8. Set the necessary settings in the "IP Address Assignment" section. In our example, we have selected a specific range of issued addresses for our VLAN.

9. Click "OK"

mceclip2.png

mceclip1.png

 

Switch configuration

Note. Your Switch must support VLAN and static routing and must be able to assign an IP address from a specific VLAN to a management interface on your Switch. Typically, any Zyxel L2, L2+, or L3 Switch will support this, but we recommend you check this feature beforehand.

In the next step, we need to add the VLAN we created on our Firewall(Device2) to the Switch(Device1).

Go to Advanced ApplicationVLAN  ⇾ VLAN Configuration

mceclip10.png

Click on "Click Here" in the "Static VLAN Setup

mceclip7.png

1. Set the checkbox "ACTIVE"

2. Set "VLAN10" in the "Name" field (VLAN10 is taken as an example)

3. Set "10" in the "VLAN Group ID" field (VLAN10 is taken as an example)

4. On the port to which your Firewall is connected, set the following settings  - Mark "Fixed" in the "Control" column - Mark "Tx Tagging" in the "Tagging" column - All other ports can be marked as "Forbidden"

5. Click "OK"

mceclip6.png

mceclip3.png

Now we need to assign a new IP address to the management interface of our Switch(Device1). This IP must be from our VLAN.

Go to Basic SettingsIP Setup  ⇾ IP Configuration

mceclip13.png

Fill in all the necessary data in the "Management IP Addresses" block
1. Set the "IP address" of your Switch (it can be any address from your VLAN)

2. Set "IP Subnet Mask"  (It should be the mask of your VLAN)

3. Set "10" in the "VID" field (It should be the VID of your VLAN)

4. Set "Default Gateway" (It should be the IP address of your VLAN)

5. Click "Add"

mceclip0.png

mceclip0.png

Related articles

Comments

0 comments

Please sign in to leave a comment.