SonicWALL NSA2400 NetBIOS between two subnet not work with IP Helper

Posted on 2009-05-05
Last Modified: 2013-11-25
Hi all,

I am using SonicWALL NSA 2400, it work well with the VPN and other thing.

But not I am setting two subnet on two interface. Then the problem here.

On X0 interface is a Default LAN, I am using 192.168.18.x/24
On X1 interface is a Default WAN, with Static Public IP
On X2 interface, it is a Limit LAN (I named it) and I make this as are Public Zero (Like DMZ, but it is not using for DMZ, just other LAN with higher security) that holded 192.168.19.x/24 this LAN IP range.....

The problems is all setting are default, then I plug the workstation A1, A2 on X0, B1 on X2 interface...

The default firewall setting from LAN Limit to LAN is all thing disallow, so I add the NetBIOS Port open and SMB that need for file shared or Network Neigborad port open in the Firewall rules ... to make the B1 workstation can connect to some A1 and A2 workstation ...

The problems is this, only IP can work from the LAM Limit to LAN, other like NetBIOS Name that using \\abc will never work.

So I search the SonicWALL support, finded the IP Helper, then I enabled it and add the following policy also don't work.

X0 to X2 allow
X2 to X0 allow
Both are using Network Based IP and subnet ...

So I am totoal lose on that, if the netbios not work, it is not good for end-user, since some workstation much join the W2K3 AD and some workstation on the X2 interface not need to join the Domain...

On the Defult LAN X0 interface, all workstation are no problems both using IP or NetBIOS to connect to the share resource ....

Any suggest for me is welcome, and I am beginner on this case, so if have detail step by step is good for me.

Thank you.
Question by:explorer1979
LVL 16

Expert Comment

ID: 24305165
NetBIOS won't work over a routed network.

SMB over TCP *will* work on a routed network but you may need to hepl it out.

If you have a WINS server, make sure all your workstations can see it , and know abotu it.

Otherwise, you may need to do one of (or a mixture of)

- using IP address, not server name, in SMB commands, e.g. Net Use f: \\\Sharename
- put the IP address and server name in the HOSTS file of each system.

Either of which is going to be annoying if you later decide to renumber, of course. Such is life.


Author Comment

ID: 24321991
Hi ccomley,

  We haven't WINS Server, since we just have two DC, and many book also suggestion don't run the WINS on DC.

  If we add WINS Server, do also need two server? One place on the 192.168.18.x subnet, and other place on the 192.168.19.x subnet?

  Where are the HOSTS files? This files is place on the client side workstation or other place?

  Thank you very much again.
LVL 38

Accepted Solution

ChiefIT earned 250 total points
ID: 24347259
Don't mess with the HOSTS file. You want the LMHOST File between domain master browsers of each site.

HOST files are for DNS lookups, in the event you don't have a DNS server.

LMHOST files are for WINS lookups, in the event you don't have a WINS server.

Since SMB or netbios shares are highly targeted, you should check with sonic wall customer service to see how they secure SMB sharing between subnets. I think SonicWall can do so. That would be your best and most secure method to access network shares.

If that will not work for you, then a WINS connection between both domain servers, or an LMHOST on both servers will work for you. These LMHOST Files are editable with a text editor, like notepad.

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Preface There are many applications where some computing systems need have their system clocks running synchronized within a small margin and eventually need to be in sync with the global time. There are different solutions for this, i.e. the W3…
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Sending a Secure fax is easy with eFax Corporate ( First, just open a new email message. In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question