• April 30, 2024, 04:12:48 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DFL-860, this (vlan) configuration is possible?  (Read 2926 times)

asalsido

  • Level 1 Member
  • *
  • Posts: 12
DFL-860, this (vlan) configuration is possible?
« on: July 10, 2014, 03:55:03 AM »
Hello, I will briefly describe my question in Spanish, I hope you understand me.

Is it possible to configure 2 network segments in the DFL-860 firewall?
For example, 192.168.0.0/24 and 192.138.1.0/24
What I want to do is create separate and different rules for each segment, is it possible?


*Additional information...
Concreto un poco mi escenario en español:

- Firewall DFL-860
                     /-- (0.2)dmz-DFL860----solo tráfico VPN - Internet---Oficina2
- LAN (0.0/24) --- (0.1)ISA SERVER(9.250)---(9.1)DFL860 --- (10.10)wan1 --- routerA
                                                                               \-- (20.10)wan2 --- routerB
- Quiero usar wan1 para unos PCs y wan2 para otros.
- ISA Server NATea conexiones de lan a dfl. Se ocultan las IPs de origen de la lan.
- Como el DFL necesita saber la IP de los PCs de la lan para saber si salen por wan1 o wan2...
- cambio en el ISA la relación de un PC, a modo de prueba, de NAT a Route. Con esto el DFL "ve" la IP de ese PC.
- Entonces, sin configurar nada más en el DFL, desde ese PC puedo navegar por http pero no por https, no sé por qué. Supongo que, como el PC tiene ip 0.x y el DFL 9.x, no se entienden bien.
- Por eso he pensado en crear una vlan 0.0/24 para los PCs que no Natea el ISA. A ver si así puedo crear reglas del tipo: allow_standard     NAT     lan     vlan1    WANS     all-nets     all_tcpudp
- Pero no sé si se puede porque el DFL-860 solo tiene una interfaz lan

A los que hayan llegado hasta aquí, gracias. Thanks ;-)
Logged

Rara Avis

  • Imperator
  • Level 2 Member
  • **
  • Posts: 76
Re: DFL-860, this (vlan) configuration is possible?
« Reply #1 on: July 10, 2014, 10:14:14 AM »
I don't speak spanish, and google translate wasn't a huge help in this case.  Good Luck.

Yes, you can have as many networks behind the DFL as you like.

Yes, you normally have to make separate rules for them.

Normally if you want traffic to use different WANs you will require a second routing table and a (policy based) routing rule to designate which traffic uses the new routing table.

No, double NAT'ing using your ISA isn't a problem by itself, though difficulty with HTTPS is fairly characteristic of a bad double NAT scenario.  The most important thing is to make sure you don't use conflicting networks as that can make for havoc when routing.  For ease of use I would beg that you don't use double NAT, ever, period.
Logged
Nullum magnum ingenium sine mixtura dementiae fuit. - Seneca
There has never been a great genius without a element of madness.

asalsido

  • Level 1 Member
  • *
  • Posts: 12
Re: DFL-860, this (vlan) configuration is possible?
« Reply #2 on: July 10, 2014, 11:22:12 PM »
Thanks, it has been very helpful.
Logged