Solved

Can a SonicWALL route two networks?

Posted on 2011-03-14
Last Modified: 2012-05-11
I currently have a 10.100.0.x network for my data and all our VoIP stuff is on 192.168.0.x. Currently we have two Juniper SSG-140 for each. I would like to switch us over to a single SonicWALL NSA 3500. I have worked a lot with SonicWALL but my question is, if I put both on different interfaces and keep the same networks would I be able to communicate between the networks if I configured the firewall rules correctly?

What would I use for the default gateway on both sides?
Question by:ThorinO
9 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 35130728
when you say same network, does that mean the same IP subnet for both?
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35130795
Sorry, what I mean is keeping the same 10.100.0.x and 192.168.0.x networks. Put them on different SonicWALL interfaces; both of those interfaces would go to the same switch. The 10.100.0.x would use a gateway of 10.100.0.1 and the 192.168.0.x would use 192.168.0.1 as the gateway. Would I then be able to communicate between the two, or would I be able to do something else to get communication working?
0
 
LVL 33

Accepted Solution

by:
digitap earned 500 total points
ID: 35130981
you could do that on the sonicwall. is 10.100.0.1 the gateway for the LAN interface of the sonicwall? if you need to segregate traffic or set any bandwidth management rules for your voip traffic, you'll want to create a new zone for that traffic. if you just need to route between the two networks, then put the new interface for the 192.168.0.x subnet on the LAN zone. for that matter, if you have a newer sonicwall with the enhanced OS, you can set firewall rules based on interface so i don't think it really matters much. keeping the zones LAN sets an inherent "trust all" on the traffic.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35131000
Ultimately I would like to take advantage of Exchange 2010 unified messaging, set up monitoring on the VoIP LAN, etc. Right now we can't because everything is physically separate. The only way we currently can do this is to go in/out public interfaces, which isn't good.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 500 total points
ID: 35131145
yes. what kind of monitoring are you wanting to do, sonicwall viewpoint? with that thought, i'd create a VOIP zone and assign it to an available interface and give it the subnet you want. keep your existing LAN on the X0 LAN interface. you'll set up VOIP <> LAN firewall access rules. if you enable any kind of bandwidth management, you'll need to set this up via firewall access rules. it will be easier to do this or any other kind of traffic management if you have it on a separate zone.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35131297
I have an Icinga setup, which is a fork of Nagios, so I would like to monitor the VoIP stuff on that LAN. I will also be getting ViewPoint. I will have to mess with it when I get it but I wanted to get some confirmation before I spent the money, thanks!
0
 
LVL 33

Expert Comment

by:digitap
ID: 35135140
i'm not familiar with that monitoring hardware, so i don't know how it "monitors". is it transparent to the traffic and can sit between the voip hardware and the interface on the sonicwall? does it create a separate subnet between it and the sonicwall and between it and the voip hardware?

viewpoint is easy. install the software on a server and point the logs to the server....done.
0
 
LVL 10

Author Comment

by:ThorinO
ID: 35139073
I basically just need the ability to ping, use port 5666, and whatever other ports I have set up to be monitored.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35140487
what confirmation are you looking for from me (us) specifically? i phrased my answer in multiple ways, but i feel like you still have some specific question that isn't getting the answer you're looking for.
0
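The trade-off discussed in this thread (both subnets in the LAN zone with its inherent "trust all", versus a separate VOIP zone with explicit access rules for ping and port 5666) can be modelled as below. This is an added example, not code from any participant and not SonicOS syntax; the /24 masks, the monitoring host 10.100.0.50, the phone 192.168.0.20 and the default-deny between zones are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    src: str              # source CIDR
    proto: str            # "icmp", "tcp", "udp" or "any"
    port: Optional[int]   # None matches any port
    action: str           # "allow" or "deny"

def zone_of(ip, interfaces):
    """Return the zone whose interface subnet contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for zone, net in interfaces:
        if addr in ipaddress.ip_network(net):
            return zone
    return None

def evaluate(flow, interfaces, rules):
    """First-match evaluation of a (src, dst, proto, port) flow."""
    src, dst, proto, port = flow
    sz, dz = zone_of(src, interfaces), zone_of(dst, interfaces)
    if sz is None or dz is None:
        return "deny"
    if sz == dz:
        return "allow"    # same zone: the inherent "trust all" from the thread
    for r in rules:
        if (r.src_zone == sz and r.dst_zone == dz
                and ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and r.proto in ("any", proto)
                and r.port in (None, port)):
            return r.action
    return "deny"         # assumed default between distinct zones

# Constructed sample data; subnets taken from the thread, /24 assumed.
SAME_ZONE = [("LAN", "10.100.0.0/24"), ("LAN", "192.168.0.0/24")]
SPLIT = [("LAN", "10.100.0.0/24"), ("VOIP", "192.168.0.0/24")]
MONITOR, PHONE = "10.100.0.50", "192.168.0.20"   # hypothetical hosts
RULES = [
    Rule("LAN", "VOIP", MONITOR + "/32", "icmp", None, "allow"),
    Rule("LAN", "VOIP", MONITOR + "/32", "tcp", 5666, "allow"),
]

if __name__ == "__main__":
    for name, layout in (("same zone", SAME_ZONE), ("split zones", SPLIT)):
        for flow in ((MONITOR, PHONE, "tcp", 5666),
                     ("10.100.0.77", PHONE, "tcp", 22)):
            print(name, flow, evaluate(flow, layout, RULES))
```

With both interfaces in one zone, an arbitrary data-LAN workstation reaches the phones on any port; with the split layout only the monitoring host's ping and TCP 5666 checks pass.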
