Network > Interfaces
SonicOS 5.8.1 Administrator Guide
Physical Interfaces
Physical interfaces must be assigned to a zone to allow for configuration of Access Rules to
govern inbound and outbound traffic. Security zones are bound to physical interfaces, and each
interface acts as a conduit for inbound and outbound traffic. If there is no interface, traffic cannot
access the zone or exit the zone.
For more information on zones, see “Network > Zones” on page 283.
Virtual Interfaces (VLAN)
Supported on SonicWALL NSA series security appliances, virtual interfaces are subinterfaces
assigned to a physical interface. Virtual interfaces allow you to have more than one interface
on one physical connection.
Virtual interfaces provide many of the same features as physical interfaces, including zone
assignment, DHCP Server, and NAT and Access Rule controls.
Virtual Local Area Networks (VLANs) can be described as a ‘tag-based LAN multiplexing
technology’ because through the use of IP header tagging, VLANs can simulate multiple LANs
within a single physical LAN. Just as two physically distinct, disconnected LANs are wholly
separate from one another, so too are two different VLANs; however, the two VLANs can exist
on the very same wire. VLANs require VLAN-aware networking devices to offer this kind of
virtualization: switches, routers and firewalls that have the ability to recognize, process,
remove and insert VLAN tags in accordance with the network’s design and security policies.
VLANs are useful for a number of different reasons, most of which are predicated on a VLAN’s
ability to provide logical rather than physical broadcast domain, or LAN, boundaries. This works
both to segment larger physical LANs into smaller virtual LANs, and to bring physically
disparate LANs together into a logically contiguous virtual LAN. The benefits of this include:
• Increased performance – Creating smaller, logically partitioned broadcast domains
decreases overall network utilization, sending broadcasts only where they need to be sent,
thus leaving more available bandwidth for application traffic.
• Decreased costs – Historically, broadcast segmentation was performed with routers,
requiring additional hardware and configuration. With VLANs, the functional role of the
router is reversed – rather than being used for the purposes of inhibiting communications,
it is used to facilitate communications between separate VLANs as needed.
• Virtual workgroups – Workgroups are logical units that commonly share information, such
as a Marketing department or an Engineering department. For reasons of efficiency,
broadcast domain boundaries should be created such that they align with these functional
workgroups, but that is not always possible: Engineering and Marketing users might be
commingled, sharing the same floor (and the same workgroup switch) in a building, or just
the opposite – the Engineering team might be spread across an entire campus. Attempting
to solve this with complex feats of wiring can be expensive and impossible to maintain with
constant adds and moves. VLANs allow for switches to be quickly reconfigured so that
logical network alignment can remain consistent with workgroup requirements.
• Security – Hosts on one VLAN cannot communicate with hosts on another VLAN unless
some networking device facilitates communication between them.