Solved

Three internal networks on a SonicWall TZ200?

Posted on 2010-08-29
6
3,247 Views
Last Modified: 2012-05-10
Can you configure a SonicWall TZ 200 to have 3 internal interfaces..

I have a client that currently has 2 internal network, 1 is the "public" somewhat like a DMZ where it is open to the internet and has a shared printer. It is on the network of 192.168.40.X

Second is a network that used the 192.168.40.X netowrk as the WAN interface and it is secured for his office. (192.168.50.X

Now he needs to add a third that has a VPN for remote connection to an IP phone systen, on a separate network (say 192.168.60.X)

Currently the 2 different networks are on different physical switches.

So can the TZ 200 be set to have 3 of the ports each set to one of the abobve networks. And can the VPN from the remote office for the phones be directed to the internal IP phone box>
0
Comment
Question by:911bob
6 Comments
 
LVL 4

Expert Comment

by:pamiken
ID: 33554970
The tz200 is not capable of multiple interfaces.  Basically you would need a firewall that's vlan aware.  The tz200 is not. It seems any of the pro or nsa devices will on the enhanced OS would though.
0
 

Author Comment

by:911bob
ID: 33555175
How about a Cisco ASA 5505? with the Security Plus?

Higher price..

If the clients goes for it OK, otherwise I will use one of his static IP's and put in a TZ100 just for the IP Phone, and let the user come in from the normal route.



0
 
LVL 4

Expert Comment

by:pamiken
ID: 33555189
yes, the asa5505 with security will be capable as it can support up to 20 vlans.  
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 33

Expert Comment

by:digitap
ID: 33555577
I'm reading through the spec sheet and see that the TZ200 will do as described in the question above.  Am I missing something?http://www.sonicwall.com/downloads/DS_TZ_Series_US_Final.pdf
0
 
LVL 1

Accepted Solution

by:
freez965 earned 500 total points
ID: 33555834
Yes, you can configure the TZ200 for the separate LAN links you would like using portshield interfaces.  By default, the X0, X2, X3, X4 ports are all LAN side ports (X1 should be your WAN).  Unless you split up the ports for some reason, they should all be on the same LAN.  While there are a lot of ways to slice this pie in terms of connectivity (for example, having ONE port handle all of the subnets), I would recommend you consider the following since you want to segment the ports.

1)  If you are still current on your support, you can always open a case with their tech support and have them help you set this up just the way you want.  They have always been fairly responsive (of course that is dependent on your perception and level of panic you may feel at any given time...lol).

2)  Take a look at this configuration guide for portshield interfaces.  The guide is written for their 1260 appliance, but the concepts apply to any UTM device that has the portshield capabilities such as the TZ 200.  http://www.sonicwall.com/downloads/configuring_portshield_interfaces.pdf

3)  You can also take a look at a short video about configuring sonicwall scenario's that are similar, but not exactly like yours.  It may be helpful.  Here is the "general" page:  http://www.sonicwall.com/us/support/13529.html

4)  Lastly, it's always a good idea IMHO to draw out exactly what you want to see/have happen on your network.  It helps to clarify in your mind what needs to be done.

I don't want to make things more confusing, but you could also consider this last guide here:
http://www.sonicwall.com/downloads/supporting_multiple_firewalled_subnets_on_sonicos_enhanced.pdf

Hopefully this will be enough to help you get started...
0
 

Author Comment

by:911bob
ID: 33592780
I Did a simple test with a TZ100 I have and it appears to work, and I can port forward to one netowrk or the other.. so it appears it will work.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Hi All,  Recently I have installed and configured a Sonicwall NS220 in the network as a firewall and Internet access gateway. All was working fine until users started reporting that they cannot use the Cisco VPN client to connect to the customer'…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now