Solved

Sonicwall nodes

Posted on 2009-03-31
2
1,007 Views
Last Modified: 2012-06-21
I am looking into a TZ180 for a client and am trying to understand this node thing.
Lets assume we get the 10 node version and we have 20 machines on the network....
(I know I should probably be getting the 25 node version)
but my question is will the other 10 machines not be able to access the internet at all? Or will they just not be protected by the "firewall"?
It says that it supports 1024 dhcp leases which is why I am confused.  What exactly are the 10 nodes for?  Just the firewall features?
Thanks.
0
Comment
Question by:splitrockit
2 Comments
 
LVL 32

Assisted Solution

by:dpk_wal
dpk_wal earned 62 total points
ID: 24046251
By 10 node license it means that any first users on a network of 20 users would be able to access the internet, any user from 11 and onwards would be denied internet access.
There would no compromise for any user on firewall part.
If you wish to have few machines not access the internet you can configure Node License Exclusion List [System > Licenses].

DHCP lease is for internal network management and has nothing to do with node license; consider an example where there are only 7 users on an office and 5 printers; normally printers would not access internet. In this case 10 user node license would serve the purpose, also DHCP would be able to lease IP address to all 12 devices (7 users and 5 printers) however, still a max of 10 users get to internet.

The way node licenses are used, whenever a machine from internal zones attempts to send traffic to WAN interface a license is consumed for that machine. Any subsequent traffic uses same license for that machine. After a 5 minute period of inactivity, hosts are considered inactive and the license is freed and can be utilized by other hosts on the network.

Please let know if you need more information.

Thank you.
0
 
LVL 16

Accepted Solution

by:
ccomley earned 63 total points
ID: 24048394
The "nodes" are "IP addresse on the LAN (or DMZ) side of the firewall which can access the WAN.

The first ten (twenty five, etc) that the Sonicwall sees are given access, after that, you will see a Licence Exceeded enty i the log and the eleventh (twenty sixth) computer to try to access the internet will get no response. Such computers can still see LAN resources, but can't access the outside world.

If you find that things like printers are taking up "slots" in the table, you can write DENY rules which prevent them from talking to the net, if they can't talk they don't get filled in in the table and counted.

However, if you have more than 10 actual bums on seats (and you should allow for your server(s) and for any guest users) then you need better than a 10user box.

Note - with Enhanced OS on the Sonicwall you can clear down the table and start over, so if a visitor has "used" up a valuable node count you can clear it without rebooting. With Standard OS, you need to reboot to clear expired entries from the table.

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now