SonicWALL TZ-190 (Want to use the other remaining 7 ports on same LAN)

driven13
driven13 used Ask the Experts™
on
Hello experts:

I have a very simple setup. All my computers are on the LAN. I have a few Firewall Rules and NAT policies governing them.

On the TZ190 (Enhanced) I have only one computer plugged into the Port #1 (I think they are also called "interfaces", but I could be wrong.)

I have two more computers that I want to plug into this SonicWALL. I have them plugged into the #2 and #3 ports (interfaces?) of the TZ190. ALL my computers belong to LAN, just like the computer plugged into the #1 port.

When I click on the EDIT icons for the ports they all say LAN for "PortShield Interface".

But, the #2 and #3 computers are not working as in I cannot browse the web and so forth.

Maybe what I am trying to achieve does not even have to deal with PortShield at all....???

I just want all my computers to be on the same LAN using ports 1, 2, 3 and they should all be able to see each other and talk to each other (Interface Trust??).

Any help will be greatly appreciated.

--d.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
In sonicwall TZ-190 all the LAN ports are like a switch. If we want we can create Port Shield (VLAN) and move the ports to particular port-shield. So check your port-shield configuration whether all the ports are in same port-shield(VLAN).
Top Expert 2010

Commented:
Review page 150 of the manual in the link to get the steps for configuring the portshield ports.  Essentially, you go to the settings for the LAN zone and assign the ports that you want to be part of the LAN zone.

http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0_TZ_180_190_Administrators_Guide.pdf

Author

Commented:
mani_05_1986, thanx for the response.

Like I mentioned above, when I click on the EDIT icons for the ports they all say LAN for "PortShield Interface".

Is this what you wanted me to check?

Thanx.

--d.

Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

Top Expert 2010

Commented:
are you at the latest firmware?
Top Expert 2010

Commented:
or, tried a power cycle of the TZ190 after configuring the ports?

Author

Commented:
Yes, I have the latest firmware.

Even though I am not sure what you mean by "after configuring the ports"...???

Sorry I am a noob in all this.

--d.
Top Expert 2010

Commented:
no worries...have power cycled the sonicwall at this now that the portshield ports and designated to the lan zone?

Author

Commented:
In Network > Interfaces, I click on the Configure icon for LAN.

In the pop-up window, in the Switch Ports tab I have ports P2 through P8 in the Assigned Ports box.

I have also rebooted the TZ just in case.

But it is still not working.  The computers that I have plugged into P2 and P3 cannot get out to the Internet.

--d.
Top Expert 2010

Commented:
who's handling IP for the clients?  is it the sonicwall or a Windows Server?  Or, are they statically assigned?  if static, make sure they specify the sonicwall as the gateway.  if via DHCP, make sure the DHCP server is providing a gateway.

you say they can't get to the internet, but can they see each other?

Author

Commented:
I don't think the SonicWALL is assigning an IP to the computers connected on ports 2 and 3.

SonicWALL is doing DHCP and it is dynamic in nature.  The gateway is correct as the computer connected to port 1 is working just fine.

I have attached two snapshots to this post.

Thank you for your time.

--d
interfaces.jpg
dhcp.jpg
Top Expert 2010

Commented:
you are correct.  the sonicwall hasn't assigned ANY client on the LAN zone an IP.  looks like the WLAN is working just fine.  how did you assign the ports to the LAN zone?  did you use the setup wizard or do it manually?

you might consider adding them manually to the WLAN zone, then adding them back manually to the LAN zone.  somehow the sonicwall isn't considering those as assigned to the LAN zone. i've read where there were issues with assigning portshield ports to a zone using the setup wizard.  it's possible they fixed that in a subsequent update, but the workaround was to cancel the wizard and allocate them manually.

Author

Commented:
digitap, you are correct in assuming I used the wizard.

How do I add them manually to the LAN zone??  (I am not too concerned about the WLAN zone too much at the moment.)

Indebted to you.

--d.
Top Expert 2010
Commented:
on the new models, there is a Portshield Group directly under Network on the Left hand side.  however, on the version you are running, i believe you add/remove the ports when editing the LAN (X0) interface.

review the instructions i posted here, http:#a33930954.  regarding the WLAN (X2) interface, i was thinking that if you manually add the ports to this interface, then move them back to the LAN (X0) interface, this might help the sonicwall register them properly.

Author

Commented:
I cannot seem to move the ports from the right to the left window in the graphic that I have attached to this post. I believe that is the way I remove ports from the LAN interface.

The other snapshot shows that all the first 4 ports are "live" but surprisingly I have a computer switched ON that is connected to port 2 but it shows it as "No Link".  Ports 3 and 4 have lins connected to them too but the computers are not switched on.

Any idea what is going on??




switch-ports.gif
weird.jpg
Top Expert 2010

Commented:
Would review your current version and compare it with the KB information:

Applies to: SonicWALL TZ 190 and SonicWALL TZ 190 Wireless

Symptom: After partitioning an integrated switch by using the PortShield Wizard, the switch ports are not configured as intended.

Condition: Occurs when using the PortShield Wizard on the Network > Switchports page to partition a switch with 5 ports into 2, 3, or 5 interfaces.

Upgrading to SonicOS Enhanced 3.8.0.9e or above resolves the issue.

Author

Commented:
Firmware Version: SonicOS Enhanced 4.2.1.0-20e

Maybe you can log in and take a look if you are willing...[:0)
Top Expert 2010

Commented:
hmmm...tempting.  check out my profile for correspondence information.

Author

Commented:
I just sent you an email with all the credentials.

Thank you so much.

--d.

Author

Commented:
As it turns out, it was a faulty cable....!!!!  Boy, is my face red.

But the good thing is I learnt a lot from this.  digitap thanx for all your help.

Now to the portshield stuff.  Turns out you must create a portshield interface and assign that portshield interface to a zone.  you have to give it an IP address that isn't shared with any other subnet.  when you assign it to a zone, the sonicwall assumes that you want traffic to traverse between the hosts on the zone and the ports assigned to the portshield interface.  this is the reason you have to give the portshield interface an ip not shared with any other subnet.  the sonicwall must route traffic.  also, this allows you to setup refined firewall rules to help control access between the portshield interface and other zones.  But you only need to do this IF you want to control the traffic for a specific host.  Otherwise, the ports should be like a physical switch connected to the X0 LAN interface.  

Hope this helps someone else.

Thanx again digitap.

--d.
Top Expert 2010

Commented:
you're welcome...glad i could help.

Author

Commented:
Fantastic guy who will spend the time to help you.  You are lucky if you get him to help you.  Knows what he is doing.  Thanx.
Top Expert 2010

Commented:
mani's description of the default settings of the portshield ports is accurate as well, http:#a33927213.
Top Expert 2010

Commented:
thanks for the points!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial