VLANs and QoS
SonicWALL includes VLAN functionality for the TZ 190 with their PortShield feature. PortShields are user-created virtual interfaces that enable control over the switch ports on the TZ 190. The TZ 190 has eight switch ports, which in the default configuration are all part of a single VLAN. Separating the eight switch ports into different VLANs requires first creating a new Zone, which is as simple as going into the Network Zones menu, clicking Add, and giving your new Zone a name. With a new Zone created, a PortShield Interface can then be added in the Network Interface menu and assigned to the new Zone.
I tested the TZ 190's VLAN functionality by creating a Zone called LAN2 and then adding a PortShield Interface called VLAN2, assigned to my new LAN2 Zone. As you can see below, I gave the PortShield interface an IP address in a different subnet (192.168.5.1/24 as opposed to the LAN interface of 192.168.168.168/24) and assigned one of the eight switch ports to be a member of my VLAN2 PortShield interface. A DHCP service was automatically set up by SonicOS to provide IP addresses to clients off this port in the 192.168.5.0/24 network. I then tested this feature by plugging my laptop into the switch port I assigned to this new VLAN, and verified I was assigned an IP address from the 192.168.5.0/24 network and was able to surf the Internet.
Figure 17: A VLAN PortShield
Recall from the Firewall discussion above the SonicWALL’s ability to control traffic between the wireless LAN and the wired LAN Zones. SonicWALL provides the same control with my newly added Zone. I verified I can Allow or Deny traffic between the LAN Zone and my LAN2 Zone. Further, since I've separated the two zones into different subnets, I have automatically protected each zone from the other's Layer 2 broadcasts, a key value of VLANs.
The TZ 190 also allows for allocating bandwidth to different traffic types, an element of QoS. To ensure sensitive traffic flows, such as VoIP, are allocated sufficient bandwidth, the first step is to define the bandwidth of the WAN interface. I was able to do this by going into the Network Interface menu and setting the capacity (Figure 18) of my Internet service, in this case Verizon FiOS, which runs at 5 Mbps down and about 1.5 Mbps up.
Figure 18: Bandwidth management settings
Once defined, Access Rules in the Firewall can be set up to allocate percentages of bandwidth to specific traffic types. In Figure 19, you can see that I've allocated a minimum or guaranteed bandwidth percentage of 10% and maximum of 15% to VoIP traffic going from my LAN subnets to the WAN interface. Another Access Rule can be set up for the WAN-to-LAN direction. Setting bandwidth allocations ensures activities like web surfing or downloading won't affect delay-sensitive traffic flows.