  • Status: Solved

Three internal networks on a SonicWall TZ200?

Can you configure a SonicWall TZ 200 to have 3 internal interfaces?

I have a client that currently has 2 internal networks. One is the "public" network, somewhat like a DMZ, where it is open to the internet and has a shared printer. It is on the network 192.168.40.X.

The second is a network that uses the 192.168.40.X network as the WAN interface, and it is secured for his office (192.168.50.X).

Now he needs to add a third that has a VPN for remote connection to an IP phone system, on a separate network (say 192.168.60.X).

Currently the 2 different networks are on different physical switches.

So can the TZ 200 be set to have 3 of the ports each set to one of the above networks? And can the VPN from the remote office for the phones be directed to the internal IP phone box?
Asked by: 911bob

pamiken Commented:
The TZ200 is not capable of multiple interfaces. Basically you would need a firewall that's VLAN aware. The TZ200 is not. It seems any of the Pro or NSA devices on the enhanced OS would, though.
 
911bob (CTO, Author) Commented:
How about a Cisco ASA 5505 with the Security Plus?

Higher price.

If the client goes for it, OK; otherwise I will use one of his static IPs and put in a TZ100 just for the IP phone, and let the user come in from the normal route.
 
pamiken Commented:
Yes, the ASA 5505 with security will be capable, as it can support up to 20 VLANs.
 
digitap Commented:
I'm reading through the spec sheet and see that the TZ200 will do as described in the question above. Am I missing something? http://www.sonicwall.com/downloads/DS_TZ_Series_US_Final.pdf
 
freez965 Commented:
Yes, you can configure the TZ200 for the separate LAN links you would like using portshield interfaces.  By default, the X0, X2, X3, X4 ports are all LAN side ports (X1 should be your WAN).  Unless you split up the ports for some reason, they should all be on the same LAN.  While there are a lot of ways to slice this pie in terms of connectivity (for example, having ONE port handle all of the subnets), I would recommend you consider the following since you want to segment the ports.

1)  If you are still current on your support, you can always open a case with their tech support and have them help you set this up just the way you want.  They have always been fairly responsive (of course that is dependent on your perception and level of panic you may feel at any given time...lol).

2)  Take a look at this configuration guide for portshield interfaces.  The guide is written for their 1260 appliance, but the concepts apply to any UTM device that has the portshield capabilities such as the TZ 200.  http://www.sonicwall.com/downloads/configuring_portshield_interfaces.pdf

3)  You can also take a look at a short video about configuring SonicWall scenarios that are similar, but not exactly like yours.  It may be helpful.  Here is the "general" page:  http://www.sonicwall.com/us/support/13529.html

4)  Lastly, it's always a good idea IMHO to draw out exactly what you want to see/have happen on your network.  It helps to clarify in your mind what needs to be done.

I don't want to make things more confusing, but you could also consider this last guide here:
http://www.sonicwall.com/downloads/supporting_multiple_firewalled_subnets_on_sonicos_enhanced.pdf

Hopefully this will be enough to help you get started...
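Added example, not part of the thread and not SonicWall configuration: a short Python sketch of "drawing out" the three-segment plan before touching the firewall, checking that the subnets and ports do not collide and that a default-deny rule set only lets the remote VPN reach the phone box. The port assignments, zone names, the phone box address, the remote-office subnet and the allow rules are all assumptions made for illustration; only the three 192.168.x subnets come from the question.

```python
import ipaddress
from itertools import combinations

# Subnets are from the question; ports and zone names are assumed.
ZONES = {
    "public": {"port": "X0", "net": ipaddress.ip_network("192.168.40.0/24")},
    "office": {"port": "X2", "net": ipaddress.ip_network("192.168.50.0/24")},
    "phones": {"port": "X3", "net": ipaddress.ip_network("192.168.60.0/24")},
    # Constructed remote-office subnet that arrives over the VPN tunnel.
    "vpn": {"port": "tunnel", "net": ipaddress.ip_network("10.10.10.0/24")},
}
PHONE_BOX = ipaddress.ip_address("192.168.60.10")  # assumed address

# Assumed inter-zone policy: (source zone, destination zone) -> "any" or the
# single permitted destination host. Any pair not listed is denied.
ALLOW = {
    ("office", "public"): "any",   # office users reach the shared printer
    ("vpn", "phones"): PHONE_BOX,  # remote phones reach only the phone box
}

def plan_problems(zones):
    """Return mistakes in the plan that would break the segmentation."""
    problems = []
    for (a, za), (b, zb) in combinations(zones.items(), 2):
        if za["net"].overlaps(zb["net"]):
            problems.append(f"{a} and {b} subnets overlap")
        if za["port"] == zb["port"]:
            problems.append(f"{a} and {b} share port {za['port']}")
    return problems

def zone_of(ip, zones=ZONES):
    """Map an address to its zone; anything unknown is treated as WAN."""
    addr = ipaddress.ip_address(ip)
    for name, zone in zones.items():
        if addr in zone["net"]:
            return name
    return "wan"

def allowed(src, dst):
    """Default deny: a flow between zones passes only if ALLOW permits it."""
    target = ALLOW.get((zone_of(src), zone_of(dst)))
    return target == "any" or target == ipaddress.ip_address(dst)

if __name__ == "__main__":
    print("plan problems:", plan_problems(ZONES))
    for src, dst in [("10.10.10.5", "192.168.60.10"),
                     ("10.10.10.5", "192.168.50.9"),
                     ("192.168.40.7", "192.168.50.9")]:
        print(src, "->", dst, "allowed" if allowed(src, dst) else "denied")
```
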
 
911bob (CTO, Author) Commented:
I did a simple test with a TZ100 I have and it appears to work, and I can port forward to one network or the other, so it appears it will work.