
SonicWall and Layer 3 Switch setup

Hi all,

I have a SonicWall firewall which I have used in the past as my default gateway for servers and client PCs. (WAN access, DMZ and VLAN access)

Shortly I am going to have half of my production servers in a datacentre (in another physical location). There are two routers connecting these physical locations together (via dark fibre). The SonicWall sits here onsite (not in the datacentre). The question is: can I still make the SonicWall (one of its zone ports, on the same subnet) the default gateway?
Just wondering if it will have any connectivity issues and need some routes added to the routers, or if it will find the SonicWall as it is on the same subnet.

Basic drawing attached to show what I mean.
Sonicwall-Default-Gateway.docx
Asked by: ERMA_IT
 
pwindell Commented:
LAN Routers control all that.  Not the SonicWall.

The LAN Routers (not the SonicWall) need to be the Default Gateway for all the Hosts.
The LAN Router will then use the SonicWall as the Default Gateway for it.

On the SonicWall you just have to add all the interior Networks' IP Ranges to the Trusted Network.
Then you have to add a Static Route on the SonicWall so that it knows which Router to use to reach the other segments.

It looks like this.  This shows three segments instead of two but that doesn't change how it is done.  It also shows the Firewall as an ISA but that doesn't change anything either.

 3segmentwan.jpg
 
ERMA_IT (Author) Commented:
Perfect. Thank you. Makes sense.
 
ERMA_IT (Author) Commented:
Thanks again for your advice, very helpful. Can you run your eyes over this diagram and see if I've taken your advice correctly? In particular how I've addressed each WAN/LAN port and the default gateways.

Thank you!

Topology
 
pwindell Commented:
It looks ok.

The WAN IP#'s shown as "???"  in the routing table you show will just depend on whatever the WAN IP of the involved WAN router happens to be on the other end of the WAN link.

On the Firewall to include ALL the IP Ranges of the entire network (including the remote locations) into its Trusted Network Definition.  Generically it is called a Local Address Table (LAT) but I don't know what SonicWall calls it.   Also the SonicWall needs a series of static routes that tell it to use Router-1 as the means to get there.  You can probably consolidate some of them into a single table entry if you work it out carefully.
 
pwindell Commented:
I have to rewrite that last paragraph since I wrote it so horribly....

Remember on the Firewall to include ALL the IP Ranges of the entire network (including the remote locations) into its Trusted Network Definition.  Generically it is called a Local Address Table (LAT) but I don't know what SonicWall calls it.   Also the SonicWall needs a series of static routes that tell it to use Router-1 as the means to get to all the other attached LAN Segments.  You can probably consolidate some of them into a single table entry if you work it out carefully.
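The route consolidation mentioned in the last comment, worked through as an added example that is not part of the thread. The segment prefixes and the Router-1 next-hop address are constructed sample values. It computes the exact consolidated static routes and shows which unused ranges a single summary entry would also pull into the route table and the trusted definition.

```python
import ipaddress

# Constructed sample addressing (an assumption, not taken from the thread):
# interior LAN segments the firewall reaches through Router-1.
SEGMENTS = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24",
            "10.20.3.0/24", "10.20.6.0/24"]
ROUTER_1 = "10.10.0.2"  # hypothetical next-hop address of Router-1


def consolidate(segments):
    """Fewest prefixes that cover the segments exactly, nothing more."""
    nets = [ipaddress.ip_network(s) for s in segments]
    return list(ipaddress.collapse_addresses(nets))


def covering_supernet(segments):
    """Smallest single prefix that contains every segment."""
    nets = [ipaddress.ip_network(s) for s in segments]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def overreach(segments):
    """Ranges a single summary entry would cover that no segment uses."""
    remaining = [covering_supernet(segments)]
    for seg in consolidate(segments):
        pieces = []
        for block in remaining:
            if seg.subnet_of(block):
                pieces.extend(block.address_exclude(seg))
            else:
                pieces.append(block)
        remaining = pieces
    return sorted(ipaddress.collapse_addresses(remaining))


def static_routes(segments, next_hop):
    """(destination, mask, gateway) rows for the firewall's route table."""
    return [(str(n.network_address), str(n.netmask), next_hop)
            for n in consolidate(segments)]


if __name__ == "__main__":
    for row in static_routes(SEGMENTS, ROUTER_1):
        print("route", *row)
    print("single entry:", covering_supernet(SEGMENTS))
    print("unused space it would also cover:", *overreach(SEGMENTS))
```

With the sample data, five segments reduce to two exact routes, while one /21 entry would additionally treat three unassigned /24 ranges as interior.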