Connect a VLAN network across multiple Airwall Gateways

To connect multiple VLAN-tagged networks together, you do the following:

  • Configure VLAN settings on both Airwall Gateways
  • Add all devices to the Airwall Gateways
  • Set trust betweem the devices in an overlay.

Airwall Gateways remove the VLAN tags from packets as they enter the overlay network, and add them back when they leave. Packets can jump from one VLAN to another seamlessly. You must configure VLANs explicitly on each Airwall Gateway.

In this tutorial, two locations are being connected with a 250 and a 150 Airwall Gateway.

  1. Configure a port on each Airwall Gateway to have a VLAN tag available. This creates additional port objects in the format "Port NUM.VLAN"
    Configure a VLAN tag on a port on the first AirwallConfigure a VLAN tag on a port on the second Airwall
  2. Create an Overlay Port Group for this new VLAN (or add the VLAN to an existing Overlay Port Group).
    Create an overlay port group for the VLANCreate an Overlay Port Group for the new VLAN on the second Airwall
  3. Add the devices that need to communicate with each other behind each Airwall Gateway, and make sure to set Port Affinity / Port Group to the Overlay Port Group that includes the desired VLAN tags.
    Add devices behind each Airwall, and set the Port Affinity group to the VLAN overlay port groupsAdd local devices behind each AirwallAdd local devices behind the second Airwall
  4. Create a new overlay to add the devices to (or add them to an existing overlay) and give them policy with each other:
    Add the devices to an overlay and set trust between them
All of the devices should now be able to communicate with each other through the Airwall Gateways.