Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Help on sonicwall nsa 2400

Posted on 2011-03-15
12
Medium Priority
?
2,166 Views
Last Modified: 2013-11-16
Hi. I recently setup a Sonicwall NSA 2400 firewall. Basically the configuration is like that.

Router-->Sonicwalll Nsa 2400 firewall --> Vlan Enabled Switch.

The VLAN enabled switch has 30 vlans configured. One of the vlans (vlan id 30) is where all the servers are. Basically this vlan is configured as a  10.10.1.0/24 network. My Sonicwall firewall LAN interface ip is 10.10.1.10. Is it possible? The rest of my vlans ips do not overlap my sonicwall firewall LAN ip.Only this one will overlap.. Can advice? In this case what can I do? I need to access my servers in vlan 30 (10.10.1.0 network). Can i don't declare the vlan id 30 as a sub interface on the sonicwall firewall or do I need to use another IP address for the LAN interface of the firewall

If i dont declare the vlan id 30 as a sub interface in the firewall and just plug in the sonicwall firewall internal lan port to the trunk port of the switch, will it be able to access vlan 30?

Pls advice?
0
Comment
Question by:chowhao81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
12 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 35140764
why don't you change the ip subnet of the LAN on the sonicwall? is the switch managing the vlans a layer 3 switch?
0
 

Author Comment

by:chowhao81
ID: 35144087
Yes it is a layer 3 switch. Is there anyway that I can dont add the vlan id 30 as a sub interface and it works?
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 2000 total points
ID: 35144460
since your switch is a layer 3 switch, you can make the ports of each vlan untagged members for their respective vlan. you'll want to create an interface in vlan 30 with an ip of that respective subnet on your layer 3 switch. on the switch, make the IP of the sonicwall LAN interface the gateway of last resort. this way, hosts will be able to get to the internet.

in order for internet traffic to get back to the respective host in their respective vlan, you'll need to create routes for each subnet and point it to the ip of the switch on VLAN 30.

hope that makes sense.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:chowhao81
ID: 35144474
So this means, I still have to create a sub interface vlan 30 in my firewall. My lan IP has to be different as this sub interface?.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35144497
no, you don't have to create the subinterface. as long as you give it the IP on the 10.10.1.x IP and put it on a port that's an untagged member of vlan30, you'll be fine.

making a port a tagged member of a vlan, means that the traffic coming from a host is tagging it with the respective vlan. making a port a untagged member, simply isolates that traffic from from the other ports on the switch. since your switch is a layer 3 switch, it can route internally between all those vlans. otherwise, you'd have to have a router to route between the vlans.

hope that makes sense.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35144501
sorry, you don't have to create the subinterface on the sonicwall. as long as you give the LAN interface of the sonicwall an IP address on the 10.10.1.x subnet.
0
 

Author Comment

by:chowhao81
ID: 35144518
Ok but for the rest of the vlans I need to create the sub interface right? only for this vlan 30 I do not need to. I connect the Lan interface of the firewall to the trunk port of the switch? So on the switch I need to make the gateway to be the ip of the sonicwall right then the packets can flow through.
0
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 35144554
you do need to create a interface for each vlan with the appropriate IP for the subnet it represents. no, you don't have to connect the sonicwall to a trunk port. since your switch routes, you only need to make sure the route for 0.0.0.0 = the ip address of your sonicwall.

your switch will record the IP addresses within it's arp tables. the switch will have an interface for each vlan with it's respective IP address and will route to that IP.

what layer 3 switch do you have?
0
 

Author Comment

by:chowhao81
ID: 35145151
Hi

This means I declare all the rest of the vlan sub interfaces on the firewall other than vlan 30 and just make sure the. 0.0.00 route is to the internal ip of the sonicwall firewall. That's all?
0
 
LVL 33

Expert Comment

by:digitap
ID: 35147495
i think you've got it. you only want the server ports and the port for the sonicwall to be on vlan 30. keep the other vlans intact. if your other valns are talking among each then you should already have interfaces setup for them. are your vlans talking among each other currently?

what kind of switch do you have?
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35373035
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Suggested Courses

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question