Solved

Three internal networks on a SonicWall TZ200?

Posted on 2010-08-29
6
3,256 Views
Last Modified: 2012-05-10
Can you configure a SonicWall TZ 200 to have 3 internal interfaces..

I have a client that currently has 2 internal network, 1 is the "public" somewhat like a DMZ where it is open to the internet and has a shared printer. It is on the network of 192.168.40.X

Second is a network that used the 192.168.40.X netowrk as the WAN interface and it is secured for his office. (192.168.50.X

Now he needs to add a third that has a VPN for remote connection to an IP phone systen, on a separate network (say 192.168.60.X)

Currently the 2 different networks are on different physical switches.

So can the TZ 200 be set to have 3 of the ports each set to one of the abobve networks. And can the VPN from the remote office for the phones be directed to the internal IP phone box>
0
Comment
Question by:911bob
6 Comments
 
LVL 4

Expert Comment

by:pamiken
ID: 33554970
The tz200 is not capable of multiple interfaces.  Basically you would need a firewall that's vlan aware.  The tz200 is not. It seems any of the pro or nsa devices will on the enhanced OS would though.
0
 

Author Comment

by:911bob
ID: 33555175
How about a Cisco ASA 5505? with the Security Plus?

Higher price..

If the clients goes for it OK, otherwise I will use one of his static IP's and put in a TZ100 just for the IP Phone, and let the user come in from the normal route.



0
 
LVL 4

Expert Comment

by:pamiken
ID: 33555189
yes, the asa5505 with security will be capable as it can support up to 20 vlans.  
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 33

Expert Comment

by:digitap
ID: 33555577
I'm reading through the spec sheet and see that the TZ200 will do as described in the question above.  Am I missing something?http://www.sonicwall.com/downloads/DS_TZ_Series_US_Final.pdf
0
 
LVL 1

Accepted Solution

by:
freez965 earned 500 total points
ID: 33555834
Yes, you can configure the TZ200 for the separate LAN links you would like using portshield interfaces.  By default, the X0, X2, X3, X4 ports are all LAN side ports (X1 should be your WAN).  Unless you split up the ports for some reason, they should all be on the same LAN.  While there are a lot of ways to slice this pie in terms of connectivity (for example, having ONE port handle all of the subnets), I would recommend you consider the following since you want to segment the ports.

1)  If you are still current on your support, you can always open a case with their tech support and have them help you set this up just the way you want.  They have always been fairly responsive (of course that is dependent on your perception and level of panic you may feel at any given time...lol).

2)  Take a look at this configuration guide for portshield interfaces.  The guide is written for their 1260 appliance, but the concepts apply to any UTM device that has the portshield capabilities such as the TZ 200.  http://www.sonicwall.com/downloads/configuring_portshield_interfaces.pdf

3)  You can also take a look at a short video about configuring sonicwall scenario's that are similar, but not exactly like yours.  It may be helpful.  Here is the "general" page:  http://www.sonicwall.com/us/support/13529.html

4)  Lastly, it's always a good idea IMHO to draw out exactly what you want to see/have happen on your network.  It helps to clarify in your mind what needs to be done.

I don't want to make things more confusing, but you could also consider this last guide here:
http://www.sonicwall.com/downloads/supporting_multiple_firewalled_subnets_on_sonicos_enhanced.pdf

Hopefully this will be enough to help you get started...
0
 

Author Comment

by:911bob
ID: 33592780
I Did a simple test with a TZ100 I have and it appears to work, and I can port forward to one netowrk or the other.. so it appears it will work.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now