• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1643
  • Last Modified:

Sonicwall routing

I have a Sonicwall TZ 210. The LAN interface is X0 (192.168.1.0), WAN is X1 (75.99.99.0).

I wanted to put a device (192.168.40.10) on interface X2

How do I configure the Sonicwall device to route packets from the 192.168.1.0 network to the 192.168.40.1 device?
When I configure the X2 interface with address 192.168.40.2, it creates an automatic entry in the route table, I can ping the device from the SonicWall, but cannot from the LAN network.
SonicWall-router.jpg
0
Hamptonite
Asked:
Hamptonite
  • 4
  • 3
  • 3
  • +1
1 Solution
 
expert02232010Commented:
You need to create a route on your internal network for the 192.168.40.x subnet that routes to the X1 interface IP address of the sonicwall
0
 
HamptoniteAuthor Commented:
The Sonicwall is THE router, why does it not route the packets to the X1 or X2 interfaces depending on the IP?
0
 
expert02232010Commented:
Have you created firewall rules to all traffic between X0 and X2?  

0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 
HamptoniteAuthor Commented:
The firewall is set to allow all bewteen the interfaces.
0
 
expert02232010Commented:
what does a tracert report from each side?
can the 192.168.40.10 get to the internet ok?
0
 
digitapCommented:
what type of traffic is on this interface? you will need to either create a new zone for this interface or use the LAN zone. if there is an inherent trust and you don't need to really manage the traffic between the two interfaces, then just use the LAN zone.

when you've decided on a zone, go to network > interface. select the X2 interface and edit it. the issue you are having probably has to do with the portshield function. when you edit the X2 interface, you want to choose the zone and then click the drop down for IP assignment. default will be portshield. select static and you can choose an IP on the 192.168.40.0/24 subnet and this will be the gateway for your hosts on that interface.

when you click OK, the sonicwall create all the routes and firewall rules needed to communicate between the two interfaces. as long as you use the IP of the X2 interface as the gateway on your X2 hosts, it should route properly.

hope that helps!
0
 
HamptoniteAuthor Commented:
digitap - I had already  configured the interface as you suggested. I think I need to give you more information;
There is only one host on the .40 network. It already has a default gateway and I do not really have access to that network, although it is sitting a couple of feet from my servers.

A company is trying to intergrate the two systems' SQL data, so has asked if I could access the SQL server (192.168.40.10) from my network (192.168.0.0/24). I can ping 192.168.40.10 on the X2 interface from the Sonicwall (192.168.40.2) but I think what may be happening is that since 192.168.40.10 has a different gateway, when I ping it from the 192.168.0.0 network, the ICMP packets are being lost.

Is there a way to have traffic flow through the interface?

Literally, I could connect an Ethernet cable between the two networks and assign IPs from both networks on the PC that needs access, but I'd rather be able to set firewall rules and monitor traffic between the two networks to prevent virus outbreaks, etc.
Route-Traffic-RedNX.jpg
0
 
digitapCommented:
if you could get their IT to add the following route to their SQL server, i think that would solve your routing problem:

route ADD 192.168.0.0 MASK 255.255.255.0 192.168.40.2

you've essentially added the gateway of the sonicwall on the X2 interface for traffic trying to get to your subnet. hope they'll let you do that.




0
 
HamptoniteAuthor Commented:
digitap - sounds like a good plan. I am in contact with their tech people and will let you know how it turns out.
0
 
digitapCommented:
i believe adding the route on the other vendor's hardware is the answer here. the other end doesn't know how to route the network and adding the route resolves that problem. it would be great to get that confirmation, but i'm not sure Hamptonite will have success getting the other end to add the route. nothing against Hamptonite. Rather, the other vendor might not let the route be added. That would be the sure test.
0
 
QlemoC++ DeveloperCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now