Creating a Guest VLAN on a SonicWall TZ Series Firewall
This article will outline how to create a separate Guest VLAN with only access to the Internet, not any other LAN subnets, on your TZ series SonicWall.
- First, we need to create a new ZONE for this guest VLAN. Navigate to Network –> Zones and click ADD.
- Give your new zone a friendly name and set the security type as Public. I also don’t like to enable any of the auto-generate rules for guest VLANs, that way I can add the specific firewall rules as needed myself.
- Choose the Guest VLAN ZONE previously created, specify a unique VLAN tag number and provide the subnet address details for your new VLAN. I like to enable PING on this interface, at least for my testing period, and then I’ll turn it off once I know everything is working.
- Now we need to create the DHCP scope for this new VLAN so that devices can get the propper IP address from DHCP. Navigate to Network –> DHCP Server and click ADD DYNAMIC to create a new scope.
- Lastly, we need to create a firewall rule that only grants traffic from this VLAN to the internet only (WAN interface), and not to any other LAN interface. This is why we did not have the system auto generate the firewall rules in step 2. So we can explicitly specify the access.
- For Internet Access Only, I create my rule with these settings on the first tab. The rest of the settings I stick with the default.