Solved

Setting up multiple DSL connections on SonicWall NSA250M

Posted on 2013-06-15
8
265 Views
Last Modified: 2014-09-04
Hi there, I am hoping somebody can help me. I have a SonicWall NSA250M and have recently acquired a second DSL line (our connection speed is poor). I have managed to add the new connection as the X3 interface and added it to the load balancing (round robin) group.

We can see the increased performance when browsing the net but I have a problem; when the second line is connected we lose the ability to send emails - is this an access group/routing issue? Also, if I go to a web browser and check my ip, I get both external ip's - this is not in itself a problem, but can I stop the second line broadcasting its ip?

Hope you can help.

Thanks

James
0
Comment
Question by:ilikeulike
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
8 Comments
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 500 total points
ID: 39251934
Not sure what you mean by "broadcasting its ip".

However, when you go out the 2nd link, your firewell will NAT/PAT the IP address provided by your 2nd ISP.  So whenever you go out the 2nd link, you have your 2nd ISP's IP address.  Nothing you can do about this, because that is how it works.

As for sending e-mail.  It it all e-mail or just some e-mail?  I would expect  that you may have problems sometimes when your SMTP server tries to go out the second link.  The receiving side will see your domain/host name coming from your 2nd ISP's address.  If it does a forward lookup for your host/domain name it will not match.  Some SMTP servers will reject e-mail when this happens.
0
 

Author Comment

by:ilikeulike
ID: 39252975
hi there, you are correct, it is not all email, just email that presumably tries to go out on the X3 interface. This is when we get the error 550 relaying message.  Can i set up a rule to force email to use the original interface?

Thanks

James
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39254441
Not really familiar with SonicWall, I look at the doc but you should be able to.
0
Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39254938
It's probably the common https doesn't work with round robin load balancing. You either have to choose a percent mode or make rules to push all https traffic through one interface.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39256611
What does https have to do with SMTP traffic?

Anyhow.

It looks like Sonicwall support route policies.  So you can setup a route policy so that traffic from your SMTP server is forced out a specific interface.  You can either do all traffic from your SMTP server, or just port 25 traffic.

Example of screen shot is here:

http://www.mojocode.com/content/isolating-load-balanced-connection-sonicwall
0
 
LVL 39

Expert Comment

by:Aaron Tomosky
ID: 39256643
Smtp is frequently done using ssl on port 587. So it's the same problem as https.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 39257385
Well yes, but in this case I doubt it.

When one SMTP server sends e-mail to another SMTP server it uses port 25 clear text.

Port 587 can be used by an e-mail client to send e-mail to its SMTP server using SSL.

I am making the assumption ilikeulike's problem deals SMTP server to SMTP server communications.

Although it is possible that ilikeulike hosts their SMTP server external to his company and their e-mail clients use 587 and SSL to communicate with it.

In which case the route policy would need to include all IP addresses trying to communicate to port 587.
0
 

Author Comment

by:ilikeulike
ID: 39258484
Hi guys, thanks for the great discussion. I will check out the routing rules today. To clarify, we have our Exchange server on our local network.
Thanks

James
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonicWall Max Connection Setting 7 76
replacing 2811 to ISR 4331 2 77
Cisco 2911 Router - slow download speeds but very fast upload speeds 5 71
Access-List 15 58
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question