usg40 parameters

Dear Sir

We have been having serious problems with our inhouse zyxel (USG 40).

What I want to achieve is total isolation between Lan1 (192.168.1.x) and Lan2 (192.168.40.x).

 

Since these are two different lans they should not ping each other. In the first case lan1 does not ping the 192.168.40.x network.

But in the second case lan2 pings certain IPs from the lan1 network (i.e. the default gateway, which is 192.168.1.200).

 

We have two output interfaces, WAN and OPT. Our requirement is that:

LAN1 --> WAN

LAN2 --> OPT

What I want to achieve is total isolation between LAN1 and LAN2 as stated above.

 

I have also a serious problem with the LAN1 network.

I have recently added a structured vlan network on LAN 1. 

I created these vlans on managed switches (vlan 10, 20, 30), having default gateway LAN1 (192.168.1.200).

 

How can I create a tagged (trunk) connection on the zyxel (that includes vlan 1, 10, 20, 30) from lan 1 that connects to the managed switches?

As it is configured now, all vlans 10, 20, 30 do not get any reply from the default gateway (192.168.1.200) even though we have added static routes

192.168.10.x

192.168.20.x

192.168.30.x 

all vlans to go to the managed switch, which is in this case 192.168.1.25.

 

If we disable the zyxel all of the above works well with the ISP router.

All Replies

  • PeterUK
    PeterUK Posts: 2,757  Guru Member
    edited August 2021
    There are default rules that allow from LAN1 to any and from LAN2 to any; you need to disable them and make rules for LAN to WAN.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,073  Zyxel Employee

    Hi @mourikis

    Welcome to the Zyxel community.

    In the first case, you can edit the From/To zone of security policy of “LAN1_Outgoing” and “LAN2_Outgoing” and edit them to “From LAN1 to WAN” and “From LAN2 to WAN” respectively. Please refer to the below:

    Double click the policy and edit it.


    Edit the From/To zone from “From LAN1 to any” to “From LAN1 to WAN”.



    Edit the From/To zone from “From LAN2 to any” to “From LAN2 to WAN”.



    In the second case, you can refer to the first case security policy setting and the below VLAN setting.


    The VLAN1 setting on USG40:



    The VLAN10 setting on USG40 (VLAN20 and VLAN30 are similar to VLAN10’s setting.):


    BTW, could you check your switch setting? For instance, if you connect the USG40 lan1 port to the physical port1 of the switch, you need to check if the physical port1 of the switch can transfer packets with VLAN ID 1, 10, 20, 30. Once USG40 receives those packets from the switch, USG40 will untag those VLAN IDs and forward the packet.
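
The effect of the zone edit described in the replies above can be checked with a small model. This is an added example, not part of the thread and not Zyxel code: it assumes first-match rule evaluation with a final implicit deny, treats every address outside the two LAN subnets as WAN, and uses constructed sample host addresses.

```python
import ipaddress

# Subnets and rule names are taken from the thread; the rule tuples,
# the implicit final deny and the probe hosts are assumptions of this model.
ZONES = {
    "LAN1": ipaddress.ip_network("192.168.1.0/24"),
    "LAN2": ipaddress.ip_network("192.168.40.0/24"),
}

def zone_of(ip):
    """Map an address to its zone; anything not on a LAN is treated as WAN."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

def evaluate(policies, src_ip, dst_ip):
    """First-match evaluation; returns (action, name of the matching rule)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for name, frm, to, action in policies:
        if frm in (src, "any") and to in (dst, "any"):
            return action, name
    return "deny", "implicit-default"

def inter_lan_leaks(policies):
    """Return (from zone, to zone, rule) for each rule that lets one LAN reach the other."""
    probes = [("192.168.40.10", "192.168.1.50"),   # constructed LAN2 -> LAN1 probe
              ("192.168.1.50", "192.168.40.10")]   # constructed LAN1 -> LAN2 probe
    leaks = []
    for src, dst in probes:
        action, rule = evaluate(policies, src, dst)
        if action == "allow":
            leaks.append((zone_of(src), zone_of(dst), rule))
    return leaks

# (name, from zone, to zone, action): default "to any" rules vs. the edited ones.
BEFORE = [("LAN1_Outgoing", "LAN1", "any", "allow"),
          ("LAN2_Outgoing", "LAN2", "any", "allow")]
AFTER = [("LAN1_Outgoing", "LAN1", "WAN", "allow"),
         ("LAN2_Outgoing", "LAN2", "WAN", "allow")]

if __name__ == "__main__":
    print("before:", inter_lan_leaks(BEFORE))
    print("after: ", inter_lan_leaks(AFTER))
```

With the "to any" rules both directions are reported as leaks; with the "to WAN" rules the inter-LAN probes fall through to the deny while outbound traffic still matches.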
