Solved

Sonicwall best practice ...

Posted on 2012-04-09
12
1,216 Views
Last Modified: 2012-04-18
Hello, I've just installed a Sonicwall security device for our small business.

I am unable to connect to the LAN X0, if I am connecting over wifi (from the W0 (wlan) interface). I cannot ping computers on the X0.

X0 is on 192.168.0.xx and W0 is on 172.16.31.xx

May I know how to do it and what is the best practice ?

thanks. Clifford
0
Comment
Question by:CliffordNg
  • 7
  • 4
12 Comments
 
LVL 15

Expert Comment

by:Perarduaadastra
Comment Utility
It seems that these Sonicwall units block traffic from WLAN to LAN by default.

You need to go into the management interface and add LAN-WLAN and WLAN-LAN firewall rules that will allow traffic to flow between them.

You don't say which unit you have, but Sonicwall provide instructions here under KBID 5351, though the last update to the article was two years ago...
0
 

Author Comment

by:CliffordNg
Comment Utility
thanks. it's a NSA 220.

If i understand well, having different subnets does not matter ... i will still be able to ping, right ?

Cheers
0
 
LVL 15

Expert Comment

by:Perarduaadastra
Comment Utility
The Sonicwall will take care of the routing between the subnets, so once you've added the rules you should be able to ping hosts successfully regardless of which subnet you're on.
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
Comment Utility
Dear,

please make sure you have enabled interface trust,,,,,
0
 

Author Comment

by:CliffordNg
Comment Utility
hello syed, hmm, what is the interface trust ? Cannot find it on the Sonicwall mgmt
0
 

Author Comment

by:CliffordNg
Comment Utility
@Perarduaadastra, good morning, I've set up as follows and I still cannot connect from WLAN to LAN, although I can connect to the internet via WAN.

Is there something I am missing ?

      LAN      >      WLAN      1      Any      Any      Any      Allow      All                           
      WLAN      >      LAN      1      Any      Any      Any      Allow      All                           

Please help - Clifford
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 15

Expert Comment

by:Perarduaadastra
Comment Utility
I'm struggling a bit here, as my Sonicwall is an elderly TZ170, and yours is rather newer!

I have discovered, though that the interface trust referred to by Syed_M_Usman is only available in the SonicOS Enhanced version, which I suspect you don't have...

The closest I can find on SonicWall's support pages is KBID 3558; if you substitute WLAN for OPT, the principle of allowing traffic between zones still holds.

Sorry I can't be more help.
0
 

Author Comment

by:CliffordNg
Comment Utility
thanks Peraduaadastra.

I've seen and enabled the Interface Trust for WLAN, it is found in Zone. the interface trust for LAN was default activated. I've activated for WLAN, but in vain.

I'm pretty sure Syed knows about it more. Thanks for helping, Clifford
0
 
LVL 15

Expert Comment

by:Perarduaadastra
Comment Utility
Perhaps you have to reboot the appliance after making this change? It seems unlikely, but doesn't cost anything to try...
0
 

Author Comment

by:CliffordNg
Comment Utility
rebooting did not help :(

Please see my config screenshot below.

sonicwall management screenshot
0
 

Accepted Solution

by:
CliffordNg earned 0 total points
Comment Utility
problem sorted. all pcs on the lan should have gateway pointed to the sonic wall.
0
 

Author Closing Comment

by:CliffordNg
Comment Utility
found answer
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now