  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2174

Help on sonicwall nsa 2400

Hi. I recently set up a SonicWall NSA 2400 firewall. Basically the configuration is like this.

Router --> SonicWall NSA 2400 firewall --> VLAN-enabled switch.

The VLAN-enabled switch has 30 VLANs configured. One of the VLANs (VLAN ID 30) is where all the servers are. Basically this VLAN is configured as a 10.10.1.0/24 network. My SonicWall firewall LAN interface IP is 10.10.1.10. Is it possible? The rest of my VLANs' IPs do not overlap my SonicWall firewall LAN IP. Only this one will overlap. Can you advise? In this case what can I do? I need to access my servers in VLAN 30 (10.10.1.0 network). Can I not declare VLAN ID 30 as a sub-interface on the SonicWall firewall, or do I need to use another IP address for the LAN interface of the firewall?

If I don't declare VLAN ID 30 as a sub-interface in the firewall and just plug the SonicWall firewall's internal LAN port into the trunk port of the switch, will it be able to access VLAN 30?

Please advise.
0
Asked: chowhao81
2 Solutions
 
digitap Commented:
why don't you change the ip subnet of the LAN on the sonicwall? is the switch managing the vlans a layer 3 switch?
0
 
chowhao81 (Author) Commented:
Yes, it is a layer 3 switch. Is there any way that I can avoid adding VLAN ID 30 as a sub-interface and still have it work?
0
 
digitap Commented:
since your switch is a layer 3 switch, you can make the ports of each vlan untagged members for their respective vlan. you'll want to create an interface in vlan 30 with an ip of that respective subnet on your layer 3 switch. on the switch, make the IP of the sonicwall LAN interface the gateway of last resort. this way, hosts will be able to get to the internet.

in order for internet traffic to get back to the respective host in their respective vlan, you'll need to create routes for each subnet and point it to the ip of the switch on VLAN 30.

hope that makes sense.
0
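The routing design in the answer above (firewall LAN IP and a switch interface both in VLAN 30, the switch's default route pointing at the firewall, and a firewall return route per VLAN subnet via the switch) can be checked mechanically. This is an added example, not part of the original thread; apart from 10.10.1.0/24 and 10.10.1.10, every address, VLAN ID and name in it is a constructed assumption.

```python
import ipaddress as ip

# Constructed sample topology; only 10.10.1.0/24 (VLAN 30) and 10.10.1.10 come from the thread.
VLANS = {30: "10.10.1.0/24", 10: "10.10.10.0/24", 20: "10.10.20.0/24"}
FW_LAN_IP = "10.10.1.10"          # SonicWall LAN interface (from the thread)
SWITCH_VLAN30_IP = "10.10.1.1"    # assumed switch interface address in VLAN 30
SWITCH_DEFAULT_GW = "10.10.1.10"  # switch route for 0.0.0.0/0
FW_ROUTES = {"10.10.10.0/24": "10.10.1.1"}  # firewall static routes: dest -> gateway


def next_hop(routes, dst):
    """Longest-prefix match over {prefix: gateway}; None if no route covers dst."""
    dst = ip.ip_address(dst)
    hits = [(ip.ip_network(p), gw) for p, gw in routes.items() if dst in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


def check_design(vlans, fw_lan_ip, sw_ip, sw_default_gw, fw_routes, server_vlan=30):
    """Return a list of findings; an empty list means the routed design is consistent."""
    findings = []
    nets = {vid: ip.ip_network(cidr) for vid, cidr in vlans.items()}
    server_net = nets[server_vlan]
    # Firewall LAN and the switch's VLAN 30 interface must share the server subnet.
    for name, addr in (("firewall LAN", fw_lan_ip), ("switch VLAN interface", sw_ip)):
        if ip.ip_address(addr) not in server_net:
            findings.append(f"{name} {addr} is not in {server_net}")
    if fw_lan_ip == sw_ip:
        findings.append(f"firewall and switch both use {sw_ip}")
    # Gateway of last resort on the switch must be the firewall LAN IP.
    if sw_default_gw != fw_lan_ip:
        findings.append(f"switch default route points to {sw_default_gw}, not {fw_lan_ip}")
    ids = sorted(nets)
    for i, a in enumerate(ids):
        for b in ids[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"VLAN {a} {nets[a]} overlaps VLAN {b} {nets[b]}")
        # Return path: every non-server subnet needs a firewall route via the switch.
        if a != server_vlan:
            gw = next_hop(fw_routes, str(nets[a][1]))  # first address in the subnet
            if gw != sw_ip:
                findings.append(f"VLAN {a} {nets[a]}: firewall routes it via {gw}, expected {sw_ip}")
    return findings


if __name__ == "__main__":
    for finding in check_design(VLANS, FW_LAN_IP, SWITCH_VLAN30_IP, SWITCH_DEFAULT_GW, FW_ROUTES):
        print("FINDING:", finding)
```

In this design inter-VLAN traffic is routed by the switch and never crosses the firewall, so any filtering between VLANs has to be done with ACLs on the switch.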
 
chowhao81 (Author) Commented:
So this means I still have to create a sub-interface for VLAN 30 in my firewall. Does my LAN IP have to be different from this sub-interface?
0
 
digitap Commented:
no, you don't have to create the subinterface. as long as you give it the IP on the 10.10.1.x IP and put it on a port that's an untagged member of vlan30, you'll be fine.

making a port a tagged member of a vlan means that the traffic coming from a host is tagging it with the respective vlan. making a port an untagged member simply isolates that traffic from the other ports on the switch. since your switch is a layer 3 switch, it can route internally between all those vlans. otherwise, you'd have to have a router to route between the vlans.

hope that makes sense.
0
 
digitap Commented:
sorry, you don't have to create the subinterface on the sonicwall. as long as you give the LAN interface of the sonicwall an IP address on the 10.10.1.x subnet.
0
 
chowhao81 (Author) Commented:
OK, but for the rest of the VLANs I need to create the sub-interface, right? Only for this VLAN 30 I do not need to. Do I connect the LAN interface of the firewall to the trunk port of the switch? So on the switch I need to make the gateway the IP of the SonicWall, right? Then the packets can flow through.
0
 
digitap Commented:
you do need to create an interface for each vlan with the appropriate IP for the subnet it represents. no, you don't have to connect the sonicwall to a trunk port. since your switch routes, you only need to make sure the route for 0.0.0.0 = the ip address of your sonicwall.

your switch will record the IP addresses within its arp tables. the switch will have an interface for each vlan with its respective IP address and will route to that IP.

what layer 3 switch do you have?
0
 
chowhao81 (Author) Commented:
Hi

This means I declare all the rest of the VLAN sub-interfaces on the firewall other than VLAN 30 and just make sure the 0.0.0.0 route is to the internal IP of the SonicWall firewall. That's all?
0
 
digitap Commented:
i think you've got it. you only want the server ports and the port for the sonicwall to be on vlan 30. keep the other vlans intact. if your other vlans are talking among each other then you should already have interfaces set up for them. are your vlans talking among each other currently?

what kind of switch do you have?
0
 
Qlemo (C++ Developer) Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
