Solved

TZ180 : routing traffic between two subnets

Posted on 2009-07-16
6
864 Views
Last Modified: 2013-11-16
I have attached a drawing of the network.
In the left side of the drawing this is the existing network of site01 company
In the right side of the drawing this is the new network will add to the existing one.
As you can see there is a Sonicall firewall TZ180 on the new network. each of the networkget there own DNS server
The goal is :
how do I setup the Sonicall to transfer requests coming from a computer on network 173.16.0.0/16 over the EVPN network to a device 192.168.220.10
I would like to deny any any rule between the two networks and only the specific IP addresses / ports must be opened as required. This will block viruses from site01 from getting onto the new network.

Thks in adavnce for your feedback
0
Comment
Question by:madinina
  • 3
  • 3
6 Comments
 
LVL 32

Expert Comment

by:nappy_d
ID: 24874684
You need to setup a rule on both TZ units as such:

Unit A Rule

Source IP 173.16.0.x/16 Destination IP 192.168.220.10 Protocol x

Unit B Rule

Source IP 192.168.220.10 Destination IP 173.16.0.x/16 Protocal x
0
 

Author Comment

by:madinina
ID: 24876054
Nappy,

There is only one firewall not two.
The subnet173.13.0.x/16 is connected to the DMZ port of the firewall and the other subnet is connected to the LAN internal port of the firewall.
0
 
LVL 32

Expert Comment

by:nappy_d
ID: 24877580
OK then the same principle applies.   The source and destination would be your OPT(DMZ) and your LAN ports...

Rule 1
Source IP 173.16.0.x/16 Interface LAN Destination IP 192.168.220.10 Interface Opt Protocol x

Rule 2
Source IP 192.168.220.10 Interface Opt Destination IP 173.16.0.x/16 Interface LAN Protocol x
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:madinina
ID: 24877767
What about the defaut rules. Do I have to deny them??
Madinina
0
 
LVL 32

Accepted Solution

by:
nappy_d earned 250 total points
ID: 24877793
You should unless you want other unwanted traffic between your DMZ and LAN to traverse each other.
0
 

Author Comment

by:madinina
ID: 24947320
I added a routing rule for both way but I got packets dropped when I ping from 176.16.0.1 to 192.168.220.10

176.16.0.1 (host)---------------176.16.0.50(DMZ FW interface)
                                                 |
                                     192.168.220.50 (LAN Firewall interface)
                                                 |
                                                 |
                                                 |
                                      192.168.220.10 (host)

Both firewall interfaces are on the same physical firewall. There is no two firewalls
         
     

Any idea ?
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Sonicwall - avoid extra logon to get to Internet 11 49
Secure Connection Failed - Sonicwall FW 1 86
l2tp tunnel from pc to router 14 87
Pfsense - and other email Servers 8 42
Occasionally, we encounter connectivity issues that appear to be isolated to cable internet service.  The issues we typically encountered were reset errors within Internet Explorer when accessing web sites or continually dropped or failing VPN conne…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question