https://community.cisco.com/t5/network-security/firewall-for-restricting-access-between-vlan/m-p/1625324#M565270 <P>Hi.</P><P></P><P>I am about to set up a network with about 20+ different VLANs and they are suppose to just access the Internet and not eachother, is this possible with a zone-based firewall? To put all the interfaces belonging to VLANs in one zone allowing them to just access the Internet and not eachother.</P><P></P><P>My questions are:</P><P></P><P>Is it possible and what do i need to configure for this to work?</P><P></P><P>Regards Tommy Svensson</P> Mon, 11 Mar 2019 19:56:36 GMT Tommy Svensson 2019-03-11T19:56:36Z https://community.cisco.com/t5/network-security/firewall-for-restricting-access-between-vlan/m-p/1625324#M565270 <P>Hi.</P><P></P><P>I am about to set up a network with about 20+ different VLANs and they are suppose to just access the Internet and not eachother, is this possible with a zone-based firewall? To put all the interfaces belonging to VLANs in one zone allowing them to just access the Internet and not eachother.</P><P></P><P>My questions are:</P><P></P><P>Is it possible and what do i need to configure for this to work?</P><P></P><P>Regards Tommy Svensson</P> Mon, 11 Mar 2019 19:56:36 GMT https://community.cisco.com/t5/network-security/firewall-for-restricting-access-between-vlan/m-p/1625324#M565270 Tommy Svensson 2019-03-11T19:56:36Z https://community.cisco.com/t5/network-security/firewall-for-restricting-access-between-vlan/m-p/1625325#M565271 <HTML><HEAD></HEAD><BODY><P>Yes, you can use Zone Based FW to restrict access, however, you do not want to put them into the same zone because same zone means they will be able to access each other.</P><P></P><P>If you don't want to have access between each zone, you will place them in different zones, and just create policy and zone pair for each of the zone towards the outside.</P><P></P><P>Here is configuration guide on ZBFW:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html">http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a008060f6dd.html</A></P><P></P><P>But in general, here is what you have to configure:</P><P>1) Configure the access-list to match what you want to allow</P><P>2) Create class-map, to match on the access-list created on step1</P><P>3) Create policy-map, with the action of inspect for the class created on step2</P><P>4) Create zone member</P><P>5) Create zone-pair, with source zone being internal vlan, and destination zone being the outside/internet, and apply the policy-map to the zone-pair</P><P>6) Lastly place the zone under the vlan interface</P><P></P><P>Hope that helps.</P></BODY></HTML> Fri, 25 Feb 2011 08:30:00 GMT https://community.cisco.com/t5/network-security/firewall-for-restricting-access-between-vlan/m-p/1625325#M565271 Jennifer Halim 2011-02-25T08:30:00Z https://community.cisco.com/t5/network-security/firewall-for-restricting-access-between-vlan/m-p/1625326#M565272 <HTML><HEAD></HEAD><BODY><P>Im using a Cisco 2911 router and want to restrict access between VLANs, is zone based firewall the way to go or am i missing something?</P><P></P><P>Regards Tommy Svensson</P></BODY></HTML> Thu, 03 Mar 2011 11:58:59 GMT https://community.cisco.com/t5/network-security/firewall-for-restricting-access-between-vlan/m-p/1625326#M565272 Tommy Svensson 2011-03-03T11:58:59Z