How to setup communication beetween VLANs

adi_dragnic
adi_dragnic Posts: 15  Freshman Member
First Anniversary Friend Collector First Comment
edited April 2021 in Security
Hi,

I have divided departments with VLANs but i need them to communicate with Active directory Vlan. How can i  enable communication with other VLAN? 

Thanks in advance 
Adi 
«1

All Replies

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @adi_dragnic  

    After added VLAN on USG, it will add routing automatically.

    So additional configuration is unnecessary.


    The traffic outgoing from USG VLAN interface is VLAN tag on.

    So you need additional switch to un-tag the packets.

    Then there is no problem to communicating between VLANs.


  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Anniversary Friend Collector First Comment

    I have Wan fail over configured with policy based routing using this manual https://www.youtube.com/watch?v=6XhyZ3KWaxc , how to configure communication to other VLAN with policy based routing ?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @adi_dragnic

    Can you describe your topology of your scenario and what’s your goal that you want to achieve in your VLANs?

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Anniversary Friend Collector First Comment

    Hi Stanley ,

    I have 2 isp providers connected to Wan1 and Wan2 , devided network in 4 Vlans ( 10,11,12,and 20 ) configured Wan failover for all VLANS using Policy Based routing but when i have policies on there is no communication between VLANS i need to configure for all VLANS to have access to VLAN20 where i will have servers .

    Regards

    Adi

  • PeterUK
    PeterUK Posts: 2,705  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited June 2019

    Have you given each VLAN a zone like for VLAN10 make a zone VLAN10 then edit VLAN10 to be in zone VLAN10 . Then you make firewall policy from VLAN10 to VLAN20

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Anniversary Friend Collector First Comment

    Hi Peter i did not give VLAN zones i have all VLANS in zone Lan1

    . How can i create Zones ?

    I dont have in zones menu vlans ?

    Thanks in advance

    Adi

  • PeterUK
    PeterUK Posts: 2,705  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    To makes zones.

    Object > Zone

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @adi_dragnic

    I guess you have enabled “Use IPv4 Policy Route to Override Direct Route” function, so routing priority has changed.

    It leads VLANs unable community with each other by direct route.

    You can disable “Use IPv4 Policy Route to Override Direct Route” first, and make sure “Direct Route” priority is higher than “Policy Route” in your packet flow.

    Then your VLANs should able community with each other by Direct Route.

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Anniversary Friend Collector First Comment

    @Zyxel_Stanley Yes but when i unchecked this Wan failover rules wont't work am i correct ?

  • adi_dragnic
    adi_dragnic Posts: 15  Freshman Member
    First Anniversary Friend Collector First Comment

    I will try that in non working hours ... :D thank you :)

Security Highlight