Solved

Sonicwalls - network design questions

Posted on 2011-05-03
Last Modified: 2012-05-11
Hi guys,
I am planning a network design (attached).  From sonicwalls to barracudas load balancers, and to blade network enclosure's 1Gbe network switches and storage to 10Gbe network switches.

Wonder if that makes sense.  I am not sure how will the SonicWALLs provide HA in the event of a WAN or HW failure?  The passive SonicWALL WAN interface needs to be connected?

Please confirm.  Thanks.
Net-design.jpg
Question by:Tiras25
 
LVL 33

Accepted Solution

by:
digitap earned 2000 total points
ID: 35517888
The ISP hardware would connect to a switch and the two sonicwall appliances will connect their WAN interfaces to the switch. You'll also need a switch for each interface of the sonicwall being used. You could do this with a vlan segmented switch. Here is a KB for setting up the failover on the sonicwalls.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=7828

You don't indicate that you are using HA with the two sonicwall appliances. In case you are, here is KB for that too.

https://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6234
0
 
LVL 17

Author Comment

by:Tiras25
ID: 35517933
Okay, so we need to have some kind of ISP hardware.  I do not see anything inside the cabinet..  Only cables from the colo.  
I do not have a switch for each interface of the sonicwall.  So I guess I will do a VLAN segmentation.  

One sonicwall is a primary and another is a HA.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35572407
What type of Internet do you have?
0

 
LVL 33

Expert Comment

by:digitap
ID: 35572692
Oh, and if you are only using X0 (LAN) and X1 (WAN) interfaces of the sonicwall, then you'd only need two switches to implement failover.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 35690810
Correct.  That and X5 for the high availability.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35691119
OK. You won't need a switch for HA since that's just the comm link between the two appliances for reporting when they are down and up. Do you have stateful HA licensed or are you using ONLY HA?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 35691307
Not sure what ONLY HA means?  I have one primary and one HA.  I am connecting them via X5 port that's for HA.  What kind of license I need for that?
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 2000 total points
ID: 35691359
Stateful HA has one as primary and one as secondary. When you update the config on the primary, the settings are synchronized to the secondary. If you initially have one appliance and you purchase Stateful HA from sonicwall, they give you a price break on the second firewall. You, in the end, only have to license one sonicwall because both sonicwalls act as one sonicwall. The HA that you have set up means each sonicwall is configured as individual sonicwalls.

Do you have any site to site VPNs or GVC users?
0
 
LVL 17

Author Comment

by:Tiras25
ID: 35692162
Yes I have 10 site2site VPN offices and.... what's GVC users?
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 2000 total points
ID: 35692282
GVC = Global VPN Client. If I'm not mistaken, simple HA allows for failover, but does not support keeping your VPN connections online. Your failover sonicwall would have a different public IP address which could potentially break the VPN connections if the other end didn't have the secondary public IP of the failover unit configured. This would go for any public DNS entries for things like web servers and exchange. With Stateful HA, a new MAC is established for the WAN and LAN. Then, there is a single ip for both WAN and LAN. When failover occurs, it's seamless.

Not trying to sell stateful HA and I'm in no way affiliated with sonicwall. I'm merely laying out what the options look like. I'm not sure what your expectations are with your current HA configuration plans.
0
 
LVL 17

Author Comment

by:Tiras25
ID: 35695014
Thank you for the information!  This is a good question on what I have.   How can I check that out.  I am waiting from my vendor...
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 2000 total points
ID: 35695093
Here's a KB explaining Stateful HA.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6229

Here's a KB walking through setting up HA and references both non-stateful and stateful HA.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6234

More info.

http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=5377
0
 
LVL 17

Author Comment

by:Tiras25
ID: 35699911
Just checked with my Sonicwall vendor.  I did indeed purchase that license.

SNWL STATEFUL HA UPG FOR NSA 3500.  So I am in a good shape for HA.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 2000 total points
ID: 35700023
super! then i'd say you're all set for that. seems we got side tracked on the ha issue, so uncertain if we covered your original question(s). did we?
0
 
LVL 17

Author Closing Comment

by:Tiras25
ID: 35700285
Thank you!!
0


Question has a verified solution.
