SonicWALL NSA2400 NetBIOS between two subnet not work with IP Helper

Posted on 2009-05-05
Last Modified: 2013-11-25
Hi all,

I am using SonicWALL NSA 2400, it work well with the VPN and other thing.

But not I am setting two subnet on two interface. Then the problem here.

On X0 interface is a Default LAN, I am using 192.168.18.x/24
On X1 interface is a Default WAN, with Static Public IP
On X2 interface, it is a Limit LAN (I named it) and I make this as are Public Zero (Like DMZ, but it is not using for DMZ, just other LAN with higher security) that holded 192.168.19.x/24 this LAN IP range.....

The problems is all setting are default, then I plug the workstation A1, A2 on X0, B1 on X2 interface...

The default firewall setting from LAN Limit to LAN is all thing disallow, so I add the NetBIOS Port open and SMB that need for file shared or Network Neigborad port open in the Firewall rules ... to make the B1 workstation can connect to some A1 and A2 workstation ...

The problems is this, only IP can work from the LAM Limit to LAN, other like NetBIOS Name that using \\abc will never work.

So I search the SonicWALL support, finded the IP Helper, then I enabled it and add the following policy also don't work.

X0 to X2 allow
X2 to X0 allow
Both are using Network Based IP and subnet ...

So I am totoal lose on that, if the netbios not work, it is not good for end-user, since some workstation much join the W2K3 AD and some workstation on the X2 interface not need to join the Domain...

On the Defult LAN X0 interface, all workstation are no problems both using IP or NetBIOS to connect to the share resource ....

Any suggest for me is welcome, and I am beginner on this case, so if have detail step by step is good for me.

Thank you.
Question by:explorer1979
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 17

Expert Comment

ID: 24305165
NetBIOS won't work over a routed network.

SMB over TCP *will* work on a routed network but you may need to hepl it out.

If you have a WINS server, make sure all your workstations can see it , and know abotu it.

Otherwise, you may need to do one of (or a mixture of)

- using IP address, not server name, in SMB commands, e.g. Net Use f: \\\Sharename
- put the IP address and server name in the HOSTS file of each system.

Either of which is going to be annoying if you later decide to renumber, of course. Such is life.


Author Comment

ID: 24321991
Hi ccomley,

  We haven't WINS Server, since we just have two DC, and many book also suggestion don't run the WINS on DC.

  If we add WINS Server, do also need two server? One place on the 192.168.18.x subnet, and other place on the 192.168.19.x subnet?

  Where are the HOSTS files? This files is place on the client side workstation or other place?

  Thank you very much again.
LVL 38

Accepted Solution

ChiefIT earned 250 total points
ID: 24347259
Don't mess with the HOSTS file. You want the LMHOST File between domain master browsers of each site.

HOST files are for DNS lookups, in the event you don't have a DNS server.

LMHOST files are for WINS lookups, in the event you don't have a WINS server.

Since SMB or netbios shares are highly targeted, you should check with sonic wall customer service to see how they secure SMB sharing between subnets. I think SonicWall can do so. That would be your best and most secure method to access network shares.

If that will not work for you, then a WINS connection between both domain servers, or an LMHOST on both servers will work for you. These LMHOST Files are editable with a text editor, like notepad.

Featured Post

Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Sending a Secure fax is easy with eFax Corporate ( First, just open a new email message. In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With  eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question